First published: Tue Mar 27 2018(Updated: )
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Octopus Octopus Deploy | >=2.0<2018.3.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.