CVE-2019-11632
N/A
N/A
Summary
In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom User Roles and do not affect built in User Roles.)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/OctopusDeploy/Issues/issues/5528
- https://github.com/OctopusDeploy/Issues/issues/5529
References
- https://github.com/OctopusDeploy/Issues/issues/5528
- https://github.com/OctopusDeploy/Issues/issues/5529
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.