CVE-2022-2508

Published: Oct 27, 2022Modified: May 7, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.

Affected (4)

Products: Octopus: Octopus Server

Octopus

1 product

Octopus Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Octopus Octopus Server	Before 2022.1.3264
Octopus Octopus Server	From 2022.2.0 to 2022.2.8351
Octopus Octopus Server	From 2022.3.0 to 2022.3.10586
Octopus Octopus Server	From 2022.4.0 to 2022.4.2898

Related CWEs

CWE-209

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (2)

https://advisories.octopus.com/post/2022/sa2022-22/

Source: security@octopus.com

Vendor Advisory

https://advisories.octopus.com/post/2022/sa2022-22/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.