Andyinaus

**Name of the Vulnerable Software and Affected Versions** Octopus Deploy versions prior to 2019.12.9 Octopus Deploy versions prior to 2020.1.12 **Description** The TaskView permission is not properly scoped, allowing a user with limited scope to view tasks outside their intended scope. For instance, a user scoped to one tenant can view server tasks belonging to other tenants. **Recommendations** For versions prior to 2019.12.9, update to version 2019.12.9 or later to resolve the issue. For versions prior to 2020.1.12, update to version 2020.1.12 or later to resolve the issue.