CVE-2022-2760

EPSS 0.24%
Veröffentlicht 28.09.2022 12:15:09
Zuletzt bearbeitet 21.05.2025 15:15:56
Quelle security@octopus.com
CVE-Watchlists
Login
Unerledigt
Login

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Octopus ≫ Octopus Server Version >= 2019.5.7 < 2022.1.3180

Octopus ≫ Octopus Server Version >= 2022.2.0 < 2022.2.7965

Octopus ≫ Octopus Server Version >= 2022.3.0 < 2022.3.10405

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.47

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://advisories.octopus.com/post/2022/sa2022-14/

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-2760

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2760

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2760

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-2760