Variable Scoping Vulnerability in Octopus Deploy 2.0 and later

Variable Scoping Vulnerability in Octopus Deploy 2.0 and later

CVE-2018-9039 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.

Learn more about our User Device Pen Test.