CVE-2022-2013

In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
OctopusCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
octopusoctopus_deploy
2022.1.1495 ≤
𝑥
< 2022.1.2647
𝑥
= Vulnerable software versions
References
https://advisories.octopus.com/post/2022/sa2022-05/
https://advisories.octopus.com/post/2022/sa2022-05/