Back

CVE-2024-4226

April 30, 2024, 1:11 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Octopus Server

  • before the fixed versions listed

Octopus Server

  • before the fixed versions

Source

security@octopus.com

Tags

CVE-2024-4226 details

Published : April 30, 2024, 2:15 a.m.
Last Modified : April 30, 2024, 1:11 p.m.

Description

It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.

CVSS Score

1 2 3.5 4 5 6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

3.5

Exploitability Score

Impact Score

Base Severity

LOW

Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

References

URL Source
https://advisories.octopus.com/post/2024/SA2024-03/ security@octopus.com
This website uses the NVD API, but is not approved or certified by it.