PT-2022-14169 · Unknown · Octopus Server

Bartåomiej Gã³Rkiewicz

Published

2022-07-15

Updated

2022-07-27

CVE-2022-1881

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Octopus Server (affected versions not specified)

Description An Insecure Direct Object Reference issue exists, allowing users to download Project Exports from projects they do not have permissions to access. This issue only affects projects within the same Space.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2022-1881

Affected Products

Octopus Server

PT-2022-14169 · Unknown · Octopus Server

CVE-2022-1881

Weakness Enumeration

Related Identifiers

Affected Products

References · 5