Vulnerabilities > CVE-2022-2013 - Unspecified vulnerability in Octopus Deploy

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

octopus

NVD

Published: 2022-06-13

Updated: 2022-06-17

Summary

In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.

Vulnerable Configurations

Part	Description	Count
Application	Octopus Octopus Octopus Deploy *	1
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

References

https://advisories.octopus.com/post/2022/sa2022-05/