Main Vulnerability Database Vulnerabilities #VU37014

Improper Privilege Management in Octopus Deploy - CVE-2018-12884

Published: June 26, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37014

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-12884

CWE-ID: CWE-269

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Octopus Deploy

Affected software:
Octopus Deploy

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.

How to mitigate CVE-2018-12884

Install update from vendor's website.

Sources

https://github.com/OctopusDeploy/Issues/issues/4674

Improper Privilege Management in Octopus Deploy - CVE-2018-12884

Detailed vulnerability description

How to mitigate CVE-2018-12884

Sources

Please verify you're human