In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation.
CPE | Name | Operator | Version |
---|---|---|---|
octopus_server | ge | 2022.4 | |
octopus_server | lt | 2022.4.8063 | |
octopus_server | ge | 3.5 | |
octopus_server | lt | 2022.3.10750 |