CVE-2022-1502

Published: May 4, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.

Affected (2)

Products: Octopus: Server

Octopus

1 product

Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Octopus Server	From 2021.3 to 2021.3.12725
Octopus Server	From 2022.1 to 2022.1.2454

References (2)

https://advisories.octopus.com/post/2022/sa2022-03/

Source: security@octopus.com

PatchVendor Advisory

https://advisories.octopus.com/post/2022/sa2022-03/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.