Slewis74

**Name of the Vulnerable Software and Affected Versions** Octopus Deploy versions 2019.4.0 through 2019.6.x before 2019.6.6 Octopus Deploy versions 2019.7.x before 2019.7.6 **Description** An authenticated system administrator can view sensitive values by visiting a server configuration page or making an API call. **Recommendations** For Octopus Deploy versions 2019.4.0 through 2019.6.x before 2019.6.6, update to version 2019.6.6 or later. For Octopus Deploy versions 2019.7.x before 2019.7.6, update to version 2019.7.6 or later.

**Name of the Vulnerable Software and Affected Versions** Octopus Deploy versions 3.2.11 through 4.1.5 **Description** The issue allows an authenticated user with ProcessEdit permission to bypass scoping restrictions by referencing an Azure account in a specific way, potentially leading to an escalation of privileges. **Recommendations** For versions 3.2.11 through 4.1.5, update to version 4.1.6 to resolve the issue.