Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple teams, where one of the Teams has the VariableEdit permission or VariableView permissions for the Environment.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Octopus Deploy 安全漏洞
Vulnerability Description
Octopus Deploy是澳大利亚Octopus Deploy公司的一款用于.NET、Java等应用程序的开发部署的自动化工具。 Octopus Deploy 2018.4.7之前的3.4.x版本中存在安全漏洞。攻击者可利用该漏洞查看/更新/保存Tenant Variables区域内的变量值。
CVSS Information
N/A
Vulnerability Type
N/A