Vulnerabilities > Octopus > Octopus Deploy > 2018.3.10

DATE CVE VULNERABILITY TITLE RISK
2018-05-01 CVE-2018-10581 Information Exposure vulnerability in Octopus Deploy
In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping.
network
low complexity
octopus CWE-200
5.4
2018-04-30 CVE-2018-10550 Improper Privilege Management vulnerability in Octopus Deploy
In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to.
network
low complexity
octopus CWE-269
7.5