2017-12-13 20:00:00
mitre
PUBLISHED
In Octopus Deploy before 4.1.3, the machine update process doesnt check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.