Vulnerabilities > CVE-2022-1881 - Authorization Bypass Through User-Controlled Key vulnerability in Octopus Server

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
octopus
CWE-639

Summary

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.

Vulnerable Configurations

Part Description Count
Application
Octopus
130