Vulnerabilities > CVE-2022-1670 - Unspecified vulnerability in Octopus Server

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

octopus

NVD

Published: 2022-05-19

Updated: 2022-07-27

Summary

When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users.

Vulnerable Configurations

Part	Description	Count
Application	Octopus Octopus Octopus Server *	1

References

https://advisories.octopus.com/post/2022/sa2022-04/