2306 matches found
CVE-2018-9039
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments...
CVE-2018-9039
CVE-2018-9039 affects Octopus Deploy 2.0 and later up to (but not including) 2018.3.7, where an authenticated user with variable-edit permissions can scope some variables to targets beyond their allowed permissions and see machines outside their team’s scoped environments. Root cause: insufficien...
Octopus Deploy elevation of privilege vulnerability (CNVD-2018-04332)
Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy versions prior to 4.1.9. An attacker can exploit this vulnerability to gain Administer System privileges...
CVE-2018-5706
An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission...
Code injection
An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission...
CVE-2018-5706
CVE-2018-5706 affects Octopus Deploy before 4.1.9. A user with editing permissions can modify teams using RoleEdit/TeamEdit to grant themselves Administer System privileges, even if not originally authorized. The CNVD/CNVD-2018-04332 entry confirms this elevation-of-privilege path and cites versi...
IBM UrbanCode Deploy Access Bypass Vulnerability
IBM UrbanCode Deploy (UCD) is a set of application deployment automation tools from IBM in the United States. The tool is based on an application deployment automation management information model and uses remote agent technology to realize the complex application in different environments, su...
CVE-2017-1493
IBM UrbanCode Deploy UCD 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691...
CVE-2017-1493
IBM UrbanCode Deploy (UCD) 6.1 (6.1.0–6.1.3.6) and 6.2 (6.2.0–6.2.6.1) are affected by CVE-2017-1493, where an authenticated user could edit objects they should not have access to due to improper access controls. The advisory from IBM reiterates that previous releases allow unauthorized edits. Re...
Octopus Deploy elevation of privilege vulnerability (CNVD-2018-03076)
Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy versions 3.2.11 through 4.1.5. An attacker can exploit the vulnerability to bypass jurisdiction restrictions and potentially elevate privileges...
CVE-2018-4862
In Octopus Deploy versions 3.2.11 - 4.1.5 fixed in 4.1.6, an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges...
Design/Logic Flaw
In Octopus Deploy versions 3.2.11 - 4.1.5 fixed in 4.1.6, an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges...
CVE-2018-4862
CVE-2018-4862 affects Octopus Deploy versions 3.2.11–4.1.5; fixed in 4.1.6. An authenticated user with ProcessEdit permission could reference an Azure account in a way that bypassed scoping restrictions, potentially enabling privilege escalation. The underlying cause is insufficient validation of...
Octopus Deploy Security Bypass Vulnerability
Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in versions of Octopus Deploy prior to 4.1.3 that stems from the device update process failing to check if a user has access to all environments. An attacker coul...