CVE-2018-12884

EUVD-2018-4837
In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
octopusoctopus_deploy
3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/OctopusDeploy/Issues/issues/4674
https://github.com/OctopusDeploy/Issues/issues/4674