Back to search
CVE-2020-16197
Published: Aug 25, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/OctopusDeploy/Issues/issues/6531
x_refsource_CONFIRM
https://github.com/OctopusDeploy/Issues/issues/6529
x_refsource_CONFIRM
https://github.com/OctopusDeploy/Issues/issues/6530
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now