In affected versions of Octopus Deploy users of certain...
Moderate severity
Unreviewed
Published
Jan 3, 2023
to the GitHub Advisory Database
•
Updated Apr 10, 2025
Description
Published by the National Vulnerability Database
Jan 3, 2023
Published to the GitHub Advisory Database
Jan 3, 2023
Last updated
Apr 10, 2025
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation.
References