First published: Mon Mar 13 2023
In affected versions of Octopus Deploy, it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items.
Credit: security@octopus.com
Affected Software | Affected Version | How to fix |
---|---|---|
Octopus Octopus Server | >=2019.1.0<2022.3.11098 | |
Octopus Octopus Server | >=2022.4.791<2022.4.8463 | |
Octopus Octopus Server | >=2023.1.4189<2023.1.9672 | |
Octopus Octopus Server | =2023.2.2028 | |
The severity of CVE-2022-2259 is medium with a CVSS score of 4.3.
CVE-2022-2259 allows users to view Workerpools without having the necessary permissions.
Versions between 2019.1.0 and 2022.3.11098, and versions between 2022.4.791 and 2022.4.8463 of Octopus Deploy are affected by CVE-2022-2259.
To fix CVE-2022-2259, upgrade Octopus Deploy to version 2022.4.8463 or later.
You can find more information about CVE-2022-2259 in the advisory posted on the Octopus Deploy website: https://advisories.octopus.com/post/2023/sa2023-04/