CVE-2022-4870

2023-05-1800:00:00

Octopus

www.cve.org

octopus deploy

vulnerability

network disclosure

error message

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

18.3%

JSON

In affected versions of Octopus Deploy it is possible to discover network details via error message

CNA Affected

[
  {
    "vendor": "Octopus Deploy",
    "product": "Octopus Server",
    "versions": [
      {
        "version": "3.0",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThan": "2023.1.9879",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

advisories.octopus.com/post/2023/sa2023-09/