cvedb.io
CVE-2018-5706
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-01-16T10:29:00.213 · Last modified 2026-06-17T02:00:37.857

Summary

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.

Affected products

octopus — octopus_deploy

Does this affect you?

Add your gear to cvedb and we'll alert you only when octopus ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.