3 matches found
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...
CVE-2022-2572
CVE-2022-2572 affects Octopus Server when authentication is managed by an external provider. The issue: API keys of disabled/deleted users remain valid after access is revoked, enabling potential unauthorized use. Documented impact is high (CVSS 3.1: CRITICAL, 9.8), with network attack vector, no...