CVE-2022-2828

Summary

In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2022.1.2121 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.1.3135affected
Octopus DeployOctopus Server2022.2.6729 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.2.7897affected
Octopus DeployOctopus Server2022.3.348 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.3.10586affected

Weaknesses

  • Information Exposure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References