NVD:CVE-2022-1881
Jul 15, 2022 - 8:15 a.m.

CVE-2022-1881

2022-07-15 08:15:07
CWE-639
web.nvd.nist.gov
3
octopus server
insecure direct object reference
project exports

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.001
Percentile: 31.3%

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.

Affected configurations

Nvd
Node
octopus octopus_server, Range 2021.1.6959 - 2021.3.13021
OR
octopus octopus_server, Range 2022.1.2121 - 2022.1.2894
OR
octopus octopus_server, Range 2022.2.6729 - 2022.2.6971
OR
octopus octopus_server, Range 2022.3.348 - 2022.3.2616

Vendor | Product | Version | CPE
octopus | octopus_server | * | cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
