First published: Thu Oct 13 2022
In affected versions of Octopus Server, it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability.
Credit: security@octopus.com
Affected Software | Affected Version | How to fix |
---|---|---|
Octopus Octopus Server | >=2022.1.2121 <=2022.1.3135 | |
Octopus Octopus Server | >=2022.2.0 <=2022.2.7897 | |
Octopus Octopus Server | >=2022.3.0 <=2022.3.10586 | |
CVE-2022-2828 is an Insecure Direct Object Reference (IDOR) vulnerability in Octopus Server that allows the disclosure of information about teams via the API.
CVE-2022-2828 affects Octopus Server by allowing an attacker to reveal information about teams through the API.
CVE-2022-2828 has a severity level of medium, with a CVSS score of 6.5.
Versions of Octopus Server from 2022.1.2121 to 2022.1.3135, 2022.2.0 to 2022.2.7897, and 2022.3.0 to 2022.3.10586 are affected by CVE-2022-2828.
To fix the CVE-2022-2828 vulnerability in Octopus Server, you should upgrade to a version beyond the affected range.