CVE-2022-2013

Published: Jun 13, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.

Affected (1)

Products: Octopus: Octopus Deploy

Octopus

1 product

Octopus Deploy

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Octopus Octopus Deploy	From 2022.1.1495 to 2022.1.2647

Running on/with	Platform Versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

References (2)

https://advisories.octopus.com/post/2022/sa2022-05/

Source: security@octopus.com

Vendor Advisory

https://advisories.octopus.com/post/2022/sa2022-05/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.