CVE-2018-9039
N/A
N/A
Summary
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/OctopusDeploy/Issues/issues/4407
- https://octopus.com/downloads/compare?from=2018.3.6&to=2018.3.7
References
- https://github.com/OctopusDeploy/Issues/issues/4407
- https://octopus.com/downloads/compare?from=2018.3.6&to=2018.3.7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.