Lucene search

[email protected]NVD:CVE-2022-2760

HistorySep 28, 2022 - 12:15 p.m.

CVE-2022-2760

2022-09-2812:15:09

CWE-209

[email protected]

web.nvd.nist.gov

octopus deploy

information disclosure

cve-2022-2760

error message

access control

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.

Affected configurations

Nvd

Node

octopusoctopus_serverRange2019.5.7–2022.1.3180

octopusoctopus_serverRange2022.2.0–2022.2.7965

octopusoctopus_serverRange2022.3.0–2022.3.10405

VendorProductVersionCPE
octopusoctopus_server*cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
octopus	octopus_server	*	cpe:2.3:a:octopus:octopus_server::::::::

References

advisories.octopus.com/post/2022/sa2022-14/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2022-2760

prion1 cve1 cvelist1