CVE-2022-2760
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Octopus Deploy | Octopus Server | 2019.5.7 < unspecified | affected |
| Octopus Deploy | Octopus Server | unspecified < 2022.1.3180 | affected |
| Octopus Deploy | Octopus Server | 2022.2.6729 < unspecified | affected |
| Octopus Deploy | Octopus Server | unspecified < 2022.2.7965 | affected |
| Octopus Deploy | Octopus Server | 2022.3.348 < unspecified | affected |
| Octopus Deploy | Octopus Server | unspecified < 2022.3.10586 | affected |
Weaknesses
- Information exposure
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.