#VU31316 Improper Privilege Management in Octopus Deploy - CVE-2018-10550

 


Published: April 30, 2018 / Updated: July 17, 2020


Vulnerability identifier: #VU31316
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-10550
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Octopus Deploy
Software vendor: Octopus Deploy

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to.


Remediation

Install the update from the vendor's website.
