Lucene search
HistoryOct 13, 2022 - 5:15 a.m.
CVE-2022-2828
cve-2022-2828
octopus server
api
idor
vulnerability
information security
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.5%
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability
Affected configurations
Node
octopusoctopus_serverRange2022.1.2121–2022.1.3135
ORoctopusoctopus_serverRange2022.2.0–2022.2.7897
ORoctopusoctopus_serverRange2022.3.0–2022.3.10586
CNA Affected
[
{
"vendor": "Octopus Deploy",
"product": "Octopus Server",
"versions": [
{
"version": "2022.1.2121",
"status": "affected",
"lessThan": "unspecified",
"versionType": "custom"
},
{
"version": "unspecified",
"lessThan": "2022.1.3135",
"status": "affected",
"versionType": "custom"
},
{
"version": "2022.2.6729",
"status": "affected",
"lessThan": "unspecified",
"versionType": "custom"
},
{
"version": "unspecified",
"lessThan": "2022.2.7897",
"status": "affected",
"versionType": "custom"
},
{
"version": "2022.3.348",
"status": "affected",
"lessThan": "unspecified",
"versionType": "custom"
},
{
"version": "unspecified",
"lessThan": "2022.3.10586",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2022-10-13 05:15:00
cvelist
cvelist
CVE-2022-2828
2022-10-13 00:00:00
nvd
nvd
CVE-2022-2828
2022-10-13 05:15:08
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.5%
Related for CVE-2022-2828