CVE-2022-2013

Summary

In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2022.1.1495 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.1.2647affected

Weaknesses

  • Broken Access Control

ADP Enrichment

CVE Program Container

Additional References

References