Design/Logic Flaw

2023-08-0206:15:00

PRIOn knowledge base

www.prio-n.com

octopus deploy

vulnerability

environment enumeration

low privileged user

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.

CPENameOperatorVersion
octopus_serverge2023.2.2028
octopus_serverlt2023.2.10545
octopus_serverge2023.1.4189
octopus_serverlt2023.1.10235
octopus_serverge2019.4.0
octopus_serverlt2022.4.9997

Name	Operator	Version
octopus_server	ge	2023.2.2028
octopus_server	lt	2023.2.10545
octopus_server	ge	2023.1.4189
octopus_server	lt	2023.1.10235
octopus_server	ge	2019.4.0
octopus_server	lt	2022.4.9997

References

advisories.octopus.com/post/2023/sa2023-11/