Vulnerabilities > Octopus > Octopus Deploy > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-13 | CVE-2017-17665 | Missing Authorization vulnerability in Octopus Deploy In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. | 8.8 |
| 2017-10-19 | CVE-2017-15609 | Missing Encryption of Sensitive Data vulnerability in Octopus Deploy Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets. | 7.5 |