CVE-2017-15610

2017-10-19T08:29:00
ID CVE-2017-15610
Type cve
Reporter cve@mitre.org
Modified 2017-10-25T11:52:00

Description

An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the private key.