Unrated severityNVD Advisory· Published Apr 28, 2020· Updated Aug 4, 2024
CVE-2020-12286
CVE-2020-12286
Description
In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped to any dimension. For example, a scoped user who is scoped to only one tenant can view server tasks scoped to any other tenant.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Octopus Deploy/Octopus Deploydescription
- Range: <2019.12.9, <2020.1.12
Patches
Vulnerability mechanics
References
3- github.com/OctopusDeploy/Issues/issues/6331mitrex_refsource_MISC
- github.com/OctopusDeploy/Issues/issues/6332mitrex_refsource_MISC
- github.com/OctopusDeploy/Issues/issues/6333mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.