← back
CVE-2018-9039

CVE-2018-9039

EPSS 1.0%
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/OctopusDeploy/Issues/issues/4407https://octopus.com/downloads/compare?from=2018.3.6&to=2018.3.7