
CVE-2021-26556

 

Severity Score (CVSS v3.1): 7.8
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 0
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.


*Credits: N/A
CVSS Scores
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Attack Vector: Local
Attack Complexity: Medium
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-02-02 CVE Reserved
  • 2021-10-07 CVE Published
  • 2024-06-22 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-426: Untrusted Search Path
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Octopus | Octopus Deploy | >= 0.9 < 2020.4.229 | - | Affected
Octopus | Octopus Server | >= 2020.5.0 < 2020.5.256 | - | Affected