6 matches found
CVE-2018-4862
In Octopus Deploy versions 3.2.11 - 4.1.5 fixed in 4.1.6, an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges...
CVE-2018-4862
In Octopus Deploy versions 3.2.11 - 4.1.5 fixed in 4.1.6, an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges...
CVE-2018-4862
In Octopus Deploy versions 3.2.11 - 4.1.5 fixed in 4.1.6, an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges...
Path traversal
The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...
CVE-2013-6428
The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...
CVE-2013-6428
The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...