CVE-2022-2760

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
OctopusCNA
---
---
CVEADP
---
---
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
octopusoctopus_server
2019.5.7 ≤
𝑥
< 2022.1.3180
octopusoctopus_server
2022.2.0 ≤
𝑥
< 2022.2.7965
octopusoctopus_server
2022.3.0 ≤
𝑥
< 2022.3.10405
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://advisories.octopus.com/post/2022/sa2022-14/
https://advisories.octopus.com/post/2022/sa2022-14/