Unrestricted Access to Target and Tenant Tag Variables in Octopus Deploy

Unrestricted Access to Target and Tenant Tag Variables in Octopus Deploy

CVE-2018-10550 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to.

Learn more about our User Device Pen Test.