CVE-2022-2013

EUVD-2022-34319
In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
octopusoctopus_deploy
2022.1.1495 ≤
𝑥
< 2022.1.2647
𝑥
= Vulnerable software versions
References
https://advisories.octopus.com/post/2022/sa2022-05/
https://advisories.octopus.com/post/2022/sa2022-05/