3 matches found
CVE-2018-4862
In Octopus Deploy versions 3.2.11 - 4.1.5 fixed in 4.1.6, an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges...
CVE-2018-4862
CVE-2018-4862 affects Octopus Deploy versions 3.2.11–4.1.5; fixed in 4.1.6. An authenticated user with ProcessEdit permission could reference an Azure account in a way that bypassed scoping restrictions, potentially enabling privilege escalation. The underlying cause is insufficient validation of...
CVE-2018-4862
In Octopus Deploy versions 3.2.11 - 4.1.5 fixed in 4.1.6, an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges...