CVE-2020-12286

Published: 2020-04-28T07:15Z

Last Modified: 2024-11-21T04:59Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped to any dimension. For example, a scoped user who is scoped to only one tenant can view server tasks scoped to any other tenant. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt