CVE-2022-2013
First published: Sun Jun 12 2022(Updated: )
In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.
Credit: security@octopus.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Octopus Deploy | >=2022.1.1495<2022.1.2647 | |
| Linux kernel | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-2013?
CVE-2022-2013 is considered a medium severity vulnerability.
How do I fix CVE-2022-2013?
To fix CVE-2022-2013, upgrade Octopus Server to version 2022.1.2647 or later.
Who is affected by CVE-2022-2013?
CVE-2022-2013 affects Octopus Server versions between 2022.1.1495 and 2022.1.2647 with private spaces enabled.
What does CVE-2022-2013 exploit?
CVE-2022-2013 exploits the improper access control of the Script Console within user private spaces.
Is there a workaround for CVE-2022-2013?
Currently, there are no known workarounds for CVE-2022-2013, and upgrading is the recommended solution.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/octopus
- canonical/octopus deploy
- version/octopus deploy/2022.1.1495
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows