Описание
It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
Ссылки
- Broken Link
- Broken Link
Уязвимые конфигурации
Конфигурация 1Версия от 2022.2.6729 (включая) до 2022.2.7934 (исключая)Версия от 2022.3.348 (включая) до 2022.3.9163 (исключая)
Одно из
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00094
Низкий
3.5 Low
CVSS3
Дефекты
CWE-276
Связанные уязвимости
CVSS3: 3.5
github
почти 2 года назад
It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
EPSS
Процентиль: 27%
0.00094
Низкий
3.5 Low
CVSS3
Дефекты
CWE-276