What is the severity of CVE-2022-2258?

CVE-2022-2258 has a medium severity rating due to the improper handling of permissions allowing unauthorized access to Tagsets.

How do I fix CVE-2022-2258?

To remediate CVE-2022-2258, update Octopus Deploy to a version beyond 2022.3.11098, 2022.4.791 through 2022.4.8463, or 2023.1.4189 through 2023.1.9672.

What types of software are affected by CVE-2022-2258?

CVE-2022-2258 affects several versions of Octopus Deploy Server, including those from 2019.1.0 up to 2023.1.9672 and specific version 2023.2.2028.

Who is impacted by CVE-2022-2258?

Users of Octopus Deploy versions as specified in CVE-2022-2258 may be impacted if they have not been assigned permissions to view Tagsets.

Is there a workaround for CVE-2022-2258?

There are currently no known workarounds for CVE-2022-2258; the only solution is to upgrade to a patched version.

Vulnerability/
CVE-2022-2258

medium

4.3

13/3/2023

27/2/2025

CVE-2022-2258

First published: Mon Mar 13 2023(Updated: )

In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items

Credit: security@octopus.com

Affected Software	Affected Version	How to fix
Octopus Deploy	>=2019.1.0<2022.3.11098
Octopus Deploy	>=2022.4.791<2022.4.8463
Octopus Deploy	>=2023.1.4189<2023.1.9672
Octopus Deploy	=2023.2.2028
	>=2019.1.0<2022.3.11098
	>=2022.4.791<2022.4.8463
	>=2023.1.4189<2023.1.9672
	=2023.2.2028

Never miss a vulnerability like this again

Reference Links

https://advisories.octopus.com/post/2023/sa2023-03/

Frequently Asked Questions

What is the severity of CVE-2022-2258?
CVE-2022-2258 has a medium severity rating due to the improper handling of permissions allowing unauthorized access to Tagsets.
How do I fix CVE-2022-2258?
To remediate CVE-2022-2258, update Octopus Deploy to a version beyond 2022.3.11098, 2022.4.791 through 2022.4.8463, or 2023.1.4189 through 2023.1.9672.
What types of software are affected by CVE-2022-2258?
CVE-2022-2258 affects several versions of Octopus Deploy Server, including those from 2019.1.0 up to 2023.1.9672 and specific version 2023.2.2028.
Who is impacted by CVE-2022-2258?
Users of Octopus Deploy versions as specified in CVE-2022-2258 may be impacted if they have not been assigned permissions to view Tagsets.
Is there a workaround for CVE-2022-2258?
There are currently no known workarounds for CVE-2022-2258; the only solution is to upgrade to a patched version.

agent/type
agent/severity
agent/author
agent/references
agent/description
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/octopus
canonical/octopus deploy
version/octopus deploy/2019.1.0
version/octopus deploy/2022.4.791
version/octopus deploy/2023.1.4189
version/octopus deploy/2023.2.2028

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.