On premise Active Directory based privilege escalation #6258

Closed
NickJosevski opened this issue Mar 17, 2020 · 3 comments


NickJosevski commented Mar 17, 2020

For customers running on premise Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.

This issue has also been fixed in:

CVE: CVE-2020-10678

@NickJosevski NickJosevski added this to the 2020.1.5 milestone Mar 17, 2020
@NickJosevski NickJosevski self-assigned this Mar 17, 2020

NickJosevski commented Mar 17, 2020

Release Note: On premise Active Directory privilege escalation bug fixed.

@NickJosevski NickJosevski modified the milestones: 2020.1.5, 2020.1.4 Mar 17, 2020
@NickJosevski NickJosevski changed the title Authentication provider sync error On premise Active Directory based privilege escalation Mar 19, 2020
@NickJosevski NickJosevski added area/security priority (obsolete) This issue has been recognised as a priority and should be addressed as soon as possible labels Mar 19, 2020
@ktrommeshauser

Will this solve the problem with the SSO link no longer working in 2020.1.4?

@NickJosevski

@ktrommeshauser no, this was a very specific security fix. Do you have a link or more details about the issue you're asking about?
