cbcvebase.
CVE-2018-9039
published 2018-03-27

CVE-2018-9039: In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their…

PriorityP430medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
EPSS
1.04%
59.8th percentile
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.

Affected

1 ranges
VendorProductVersion rangeFixed in
octopusoctopus_deploy>= 2.0 < 2018.3.72018.3.7

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.