CVE-2022-2720

Published: Oct 12, 2022Modified: May 16, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work.

Affected (3)

Products: Octopus: Octopus Server

Octopus

1 product

Octopus Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Octopus Octopus Server	From 2022.2.6729 to 2022.2.7934
Octopus Octopus Server	From 2022.3.348 to 2022.3.10586
Octopus Octopus Server	From 3.16.4 to 2022.1.3154

Related CWEs

CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

References (2)

https://advisories.octopus.com/post/2022/sa2022-18/

Source: security@octopus.com

Vendor Advisory

https://advisories.octopus.com/post/2022/sa2022-18/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.