Variable[View/Edit]Unscoped permissions don't comply with project scoping (CVE-2019-11632) #5528
This user should not be able to view the Unscoped variable within OctoFX, because their
This user is able to see the unscoped variables from the project OctoFX, regardless of how their
In 2018.10.6 (working)
In 2019.4.4 (failing)
These affected permissions are not used by any built-in roles in Octopus. If you are using built-in roles only, then you will not be affected.
Affected versions of Octopus Server
There is no known way of preserving the same access control that existed before this regression was introduced.
Until an upgrade can be performed to a version of Octopus Server where this bug has been fixed, it is recommended that the