CVE-2022-1502

Summary

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server<affected

Weaknesses

  • Broken access control in API for projects using Git VCS in Octopus Server

ADP Enrichment

CVE Program Container

Additional References

References