CVE-2022-2760

Summary

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2019.5.7 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.1.3180affected
Octopus DeployOctopus Server2022.2.6729 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.2.7965affected
Octopus DeployOctopus Server2022.3.348 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.3.10586affected

Weaknesses

  • Information exposure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References