An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.
References
Link | Resource |
---|---|
https://github.com/OctopusDeploy/Issues/issues/4167 | Issue Tracking Mitigation Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-16T10:00:00
Updated: 2018-01-16T09:57:01
Reserved: 2018-01-16T00:00:00
Link: CVE-2018-5706
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-01-16T10:29:00.213
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-5706
JSON object: View
Redhat Information
No data.
CWE