First published: Fri Jul 15 2022
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.
Credit: security@octopus.com
Affected Software | Affected Version | How to fix |
---|---|---|
Octopus Octopus Server | >=2021.1.6959 <2021.3.13021 | |
Octopus Octopus Server | >=2022.1.2121 <2022.1.2894 | |
Octopus Octopus Server | >=2022.2.6729 <2022.2.6971 | |
Octopus Octopus Server | >=2022.3.348 <2022.3.2616 | |
CVE-2022-1881 is an Insecure Direct Object Reference vulnerability in Octopus Server that allows unauthorized download of Project Exports within the same Space.
CVE-2022-1881 has a severity value of 5.3, considered medium.
To fix CVE-2022-1881, it is recommended to update Octopus Server to a version that addresses this vulnerability.