In Octopus Deploy prior to 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
octopus octopus deploy |