Octopus Deploy における情報漏えいに関する脆弱性
| Title |
Octopus Deploy における情報漏えいに関する脆弱性
|
| Summary |
Octopus Deploy には、情報漏えいに関する脆弱性が存在します。
|
| Possible impacts |
情報を取得される、および情報を改ざんされる可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
April 30, 2018, midnight |
| Registration Date |
July 2, 2018, 5:46 p.m. |
| Last Update |
July 2, 2018, 5:46 p.m. |
|
CVSS3.0 : 警告
|
| Score |
5.4
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
|
CVSS2.0 : 警告
|
| Score |
5.5
|
| Vector |
AV:N/AC:L/Au:S/C:P/I:P/A:N |
Affected System
| Octopus Deploy Pty. Ltd. |
|
Octopus Deploy 2018.4.7 より前の 3.4.x
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2018年07月02日]
掲載 |
July 2, 2018, 5:46 p.m. |
NVD Vulnerability Information
CVE-2018-10581
| Summary |
In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple teams, where one of the Teams has the VariableEdit permission or VariableView permissions for the Environment.
|
| Publication Date |
May 1, 2018, 10:29 p.m. |
| Registration Date |
March 1, 2021, 6:42 p.m. |
| Last Update |
Nov. 21, 2024, 12:41 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:* |
3.4.0 |
|
|
2018.4.7 |
Related information, measures and tools
Common Vulnerabilities List