CVE-2018-4862

HIGH

Octopus Deploy 3.2.11-4.1.5 - Authenticated Privilege Escalation via Azure Account Reference

Title source: llm
STIX 2.1

Description

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.

References (1)

Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/OctopusDeploy/Issues/issues/4134

Scores

CVSS v3 8.8
EPSS 0.0108
EPSS Percentile 61.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (1)
octopus/octopus_deploy 3.2.11 - 4.1.5
Published Jan 03, 2018
Tracked Since Feb 18, 2026