Vulnerability identifier: #VU20478
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
Vendor: Octopus Deploy
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote authenticated user with VariableView permissions can gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versions
Octopus Deploy: 2019.7.3 - 2019.7.10
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?