2 matches found
CVE-2018-9039
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments...
CVE-2018-9039
CVE-2018-9039 affects Octopus Deploy 2.0 and later up to (but not including) 2018.3.7, where an authenticated user with variable-edit permissions can scope some variables to targets beyond their allowed permissions and see machines outside their team’s scoped environments. Root cause: insufficien...