CVE-2024-4811

Summary

In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2023.1 < 2023.4.8608affected
Octopus DeployOctopus Server2024.1 < 2024.1.12759affected
Octopus DeployOctopus Server2024.2 < 2024.2.9193affected

Weaknesses

  • Access to failed project imports in restricted spaces

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References