CVE-2022-2528

Summary

In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server3.0 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.1.3106affected
Octopus DeployOctopus Server2022.2.6729 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.2.7718affected
Octopus DeployOctopus Server2022.3.348 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.3.7782affected

Weaknesses

  • Broken Access Control

ADP Enrichment

CVE Program Container

Additional References

References