CVE-2021-26556

Summary

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server0.9 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2020.4.229affected
Octopus DeployOctopus Server2020.5.0 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2020.5.256affected

Weaknesses

  • Local privilege escalation in Octopus Server (Windows)

ADP Enrichment

CVE Program Container

Additional References

References