High severity8.1NVD Advisory· Published May 1, 2019· Updated Jun 17, 2026
CVE-2019-11632
CVE-2019-11632
Description
In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom User Roles and do not affect built in User Roles.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=2019.1.0,<=2019.3.1 || >=2019.4.0,<=2019.4.5+ 1 more
- (no CPE)range: >=2019.1.0,<=2019.3.1 || >=2019.4.0,<=2019.4.5
- (no CPE)range: 2019.1.0-2019.3.1, 2019.4.0-2019.4.5
Patches
Vulnerability mechanics
References
2- github.com/OctopusDeploy/Issues/issues/5528nvdExploitThird Party Advisory
- github.com/OctopusDeploy/Issues/issues/5529nvdThird Party Advisory
News mentions
0No linked articles in our index yet.