CVE-2022-2259
First published: Mon Mar 13 2023(Updated: )
In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items
Credit: security@octopus.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Octopus Octopus Server | >=2019.1.0<2022.3.11098 | |
| Octopus Octopus Server | >=2022.4.791<2022.4.8463 | |
| Octopus Octopus Server | >=2023.1.4189<2023.1.9672 | |
| Octopus Octopus Server | =2023.2.2028 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-2259?
The severity of CVE-2022-2259 is medium with a CVSS score of 4.3.
How does CVE-2022-2259 impact Octopus Deploy?
CVE-2022-2259 allows users to view Workerpools without having the necessary permissions.
Which versions of Octopus Deploy are affected by CVE-2022-2259?
Versions between 2019.1.0 and 2022.3.11098, and versions between 2022.4.791 and 2022.4.8463 of Octopus Deploy are affected by CVE-2022-2259.
How can I fix CVE-2022-2259 in Octopus Deploy?
To fix CVE-2022-2259, upgrade Octopus Deploy to version 2022.4.8463 or later.
Where can I find more information about CVE-2022-2259?
You can find more information about CVE-2022-2259 in the advisory posted on the Octopus Deploy website: https://advisories.octopus.com/post/2023/sa2023-04/
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/octopus
- canonical/octopus octopus server
- version/octopus octopus server/2019.1.0
- version/octopus octopus server/2022.4.791
- version/octopus octopus server/2023.1.4189
- version/octopus octopus server/2023.2.2028