Vulnerabilities > CVE-2022-1502 - Unspecified vulnerability in Octopus Server

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

octopus

NVD

Published: 2022-05-04

Updated: 2023-08-08

Summary

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.

Vulnerable Configurations

Part	Description	Count
Application	Octopus Octopus Server 2022.1.2121 Octopus Server 2022.1.2128 Octopus Server 2022.1.2133 Octopus Server 2022.1.2232 Octopus Server 2022.1.2264 Octopus Server 2022.1.2274 Octopus Server 2022.1.2278 Octopus Server 2022.1.2300 Octopus Server 2022.1.2332 Octopus Server 2022.1.2342 Octopus Server 2022.1.2364 Octopus Server 2022.1.2386 Octopus Server 2022.1.2412 Octopus Server 2022.1.2438 Octopus Server 2021.3.8275 Octopus Server 2021.3.12120 Octopus Server 2021.3.12132 Octopus Server 2021.3.12313 Octopus Server 2021.3.12355 Octopus Server 2021.3.12372 Octopus Server 2021.3.12461 Octopus Server 2021.3.12534 Octopus Server 2021.3.12582 Octopus Server 2021.3.12605 Octopus Server 2021.3.12646 Octopus Server 2021.3.12694 Octopus Server 2021.3.12714	27

References

https://advisories.octopus.com/post/2022/sa2022-03/