CVE-2022-2013
published 2022-06-13


Priority: P3 (40) | high 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.85% (53.4th percentile)
In Octopus Server after version 2022.1.1495 and before 2022.1.2647, if private spaces were enabled via the experimental feature flag, all new users would have access to the Script Console within their private space.

Affected

11 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| happyworm | jplayer | >= 0 < 2.3.0 | 2.3.0 |
| msrc | microsoft_sharepoint_enterprise_server_2013_service_pack_1 | | |
| msrc | microsoft_sharepoint_enterprise_server_2016 | | |
| msrc | microsoft_sharepoint_foundation_2013_service_pack_1 | | |
| msrc | microsoft_sharepoint_server_2013_service_pack_1 | | |
| msrc | microsoft_sharepoint_server_2019 | | |
| msrc | microsoft_sharepoint_server_subscription_edition | | |
| msrc | sharepoint_server_subscription_edition_language_pack | | |
| octopus | octopus_deploy | >= 2022.1.1495 < 2022.1.2647 | 2022.1.2647 |
| octopus_deploy | octopus_server | >= 2022.1.1495 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2022.1.2647 | 2022.1.2647 |

CVSS provenance

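| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| ghsa | | 4.3 | MEDIUM | |
| cisa | | 9.8 | CRITICAL | |
| vendor_msrc | | 8.8 | HIGH | |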