VYPR
High severity8.8NVD Advisory· Published Jan 3, 2018· Updated Jun 17, 2026

CVE-2018-4862

CVE-2018-4862

Description

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Octopus/Octopusdeployinferred2 versions
    >=3.2.11,<=4.1.5+ 1 more
    • (no CPE)range: >=3.2.11,<=4.1.5
    • (no CPE)range: 3.2.11 - 4.1.5

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.