CVE-2018-12884

In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
octopusoctopus_deploy
3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/OctopusDeploy/Issues/issues/4674
https://github.com/OctopusDeploy/Issues/issues/4674