Reecewalsh

**Name of the Vulnerable Software and Affected Versions** Octopus Deploy versions 2.0 through 2018.3.6 **Description** The issue allows an authenticated user with variable edit permissions to scope some variables to targets beyond their allowed permissions, enabling them to see machines outside their team's scoped environments. **Recommendations** For Octopus Deploy versions 2.0 through 2018.3.6, update to version 2018.3.7 or later to resolve the issue.