Vulnerabilities > CVE-2020-12286 - Unspecified vulnerability in Octopus Deploy
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped to any dimension. For example, a scoped user who is scoped to only one tenant can view server tasks scoped to any other tenant.
Vulnerable Configurations
References
- https://github.com/OctopusDeploy/Issues/issues/6331
- https://github.com/OctopusDeploy/Issues/issues/6332
- https://github.com/OctopusDeploy/Issues/issues/6333
- https://github.com/OctopusDeploy/Issues/issues/6331
- https://github.com/OctopusDeploy/Issues/issues/6333
- https://github.com/OctopusDeploy/Issues/issues/6332