Code injection

2023-03-1305:15:00

PRIOn knowledge base

www.prio-n.com

octopus deploy

user permissions

vulnerability

code injection

nvd

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.2%

JSON

In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items

CPENameOperatorVersion
octopus_serverge2019.1.0
octopus_serverlt2022.3.11098
octopus_serverge2023.1.4189
octopus_serverlt2023.1.9672
octopus_serverge2022.4.791
octopus_serverlt2022.4.8463
octopus_servereq2023.2.2028

Name	Operator	Version
octopus_server	ge	2019.1.0
octopus_server	lt	2022.3.11098
octopus_server	ge	2023.1.4189
octopus_server	lt	2023.1.9672
octopus_server	ge	2022.4.791
octopus_server	lt	2022.4.8463
octopus_server	eq	2023.2.2028

References

advisories.octopus.com/post/2023/sa2023-03/