#VU37014 Improper Privilege Management in Octopus Deploy - CVE-2018-12884 

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU37014

#VU37014 Improper Privilege Management in Octopus Deploy - CVE-2018-12884

Published: June 26, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU37014
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-12884
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Octopus Deploy
Software vendor:
Octopus Deploy

Description

The vulnerability allows a remote authenticated user to manipulate data.

In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.


Remediation

Install update from vendor's website.

External links