Security Advisory

CVE-2017-15610

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-10-19 08:00:00

Last updated 2024-08-05 19:57:27

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the private key.

← Browse all CVEs View on cve.org ↗