High severity8.8NVD Advisory· Published Jan 3, 2018· Updated Jun 17, 2026
CVE-2018-4862
CVE-2018-4862
Description
In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=3.2.11,<=4.1.5+ 1 more
- (no CPE)range: >=3.2.11,<=4.1.5
- (no CPE)range: 3.2.11 - 4.1.5
Patches
Vulnerability mechanics
References
1- github.com/OctopusDeploy/Issues/issues/4134nvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.