2 matches found
Octopus Server 安全漏洞
Octopus Server is an automated deployment platform. A security vulnerability exists in Octopus Server versions prior to 2022.2.7934 and prior to 2022.3.9163, which stems from the ability of an unauthorized created user to view all users, user roles, and permissions...
CVE-2023-20947
In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...