CVE-2022-1670
N/A
N/A
Summary
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Octopus Deploy | Octopus Server | 0.9 < unspecified | affected |
| Octopus Deploy | Octopus Server | unspecified < 2021.3.12533 | affected |
| Octopus Deploy | Octopus Server | 2022.1.0 < unspecified | affected |
| Octopus Deploy | Octopus Server | unspecified < 2022.1.53 | affected |
Weaknesses
- User invitation limit in Octopus Server can be exceeded
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.