An issue exists in Octopus Deploy prior to 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
octopus octopus deploy |