CVE-2022-2760

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.

Published: Sep 28, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-2760
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-209

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
octopus / octopus_server	2022.3.0	2022.3.10405
octopus / octopus_server	2022.2.0	2022.2.7965
octopus / octopus_server	2019.5.7	2022.1.3180

https://advisories.octopus.com/post/2022/sa2022-14/

Vulnerability Database

289,697

CVE-2022-2760