Vulnerabilities > Octopus > Octopus Deploy > 3.2.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-03 | CVE-2018-4862 | Improper Privilege Management vulnerability in Octopus Deploy In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges. | 6.5 |
| 2017-12-13 | CVE-2017-17665 | Missing Authorization vulnerability in Octopus Deploy In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. | 6.5 |
| 2017-10-19 | CVE-2017-15611 | Incorrect Permission Assignment for Critical Resource vulnerability in Octopus Deploy In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges. | 4.0 |
| 2017-10-19 | CVE-2017-15610 | Information Exposure vulnerability in Octopus Deploy An issue was discovered in Octopus before 3.17.7. | 4.0 |
| 2017-10-19 | CVE-2017-15609 | Missing Encryption of Sensitive Data vulnerability in Octopus Deploy Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets. | 5.0 |