Privilege Escalation through User Invitation in Octopus before 3.17.7

Privilege Escalation through User Invitation in Octopus before 3.17.7

CVE-2017-15611 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges.

Learn more about our User Device Pen Test.