CVE-2022-2828
First published: Thu Oct 13 2022(Updated: )
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability
Credit: security@octopus.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Octopus Octopus Server | >=2022.1.2121<=2022.1.3135 | |
| Octopus Octopus Server | >=2022.2.0<=2022.2.7897 | |
| Octopus Octopus Server | >=2022.3.0<=2022.3.10586 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-2828?
CVE-2022-2828 is an Insecure Direct Object Reference (IDOR) vulnerability in Octopus Server that allows the disclosure of information about teams via the API.
How does CVE-2022-2828 affect Octopus Server?
CVE-2022-2828 affects Octopus Server by allowing an attacker to reveal information about teams through the API.
What is the severity of CVE-2022-2828?
CVE-2022-2828 has a severity level of medium, with a CVSS score of 6.5.
What versions of Octopus Server are affected by CVE-2022-2828?
Versions of Octopus Server from 2022.1.2121 to 2022.1.3135, 2022.2.0 to 2022.2.7897, and 2022.3.0 to 2022.3.10586 are affected by CVE-2022-2828.
How can the CVE-2022-2828 vulnerability in Octopus Server be fixed?
To fix the CVE-2022-2828 vulnerability in Octopus Server, you should upgrade to a version beyond the affected range.
- collector/nvd-index
- vendor/octopus
- canonical/octopus octopus server
- version/octopus octopus server/2022.1.2121
- version/octopus octopus server/2022.1.3135
- version/octopus octopus server/2022.2.0
- version/octopus octopus server/2022.2.7897
- version/octopus octopus server/2022.3.0
- version/octopus octopus server/2022.3.10586