Unrestricted Access to Target and Tenant Tag Variables in Octopus Deploy
CVE-2018-10550 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to.
Learn more about our User Device Pen Test.