Privilege Escalation through User Invitation in Octopus before 3.17.7
CVE-2017-15611 · MEDIUM Severity
AV:N/AC:L/AU:S/C:N/I:P/A:N
In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges.
Learn more about our User Device Pen Test.