First published: Tue Jan 03 2023(Updated: )
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation.
Credit: security@octopus.com
Affected Software | Affected Version | How to fix |
---|---|---|
Octopus Octopus Server | >=3.5<2022.3.10750 | |
Octopus Octopus Server | >=2022.4<2022.4.8063 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.