CVE-2022-2258
Published 2023-03-13
CVE-2022-2258: In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items
Priority P4 · 19 · medium · 4.3 · CVSS 3.1
AV:N · AC:L · PR:L · UI:N · S:U · C:L · I:N · A:N
EPSS: 0.50% (38.7th percentile)
In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | octopus_server | — | — |
| octopus | octopus_server | >= 2019.1.0 < 2022.3.11098 | 2022.3.11098 |
| octopus | octopus_server | >= 2022.4.791 < 2022.4.8463 | 2022.4.8463 |
| octopus | octopus_server | >= 2023.1.4189 < 2023.1.9672 | 2023.1.9672 |
| octopus_deploy | octopus_server | >= 2019.1.0 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.4.791 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2023.1.4189 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2022.3.11098 | 2022.3.11098 |
| octopus_deploy | octopus_server | >= unspecified < 2022.4.8463 | 2022.4.8463 |
| octopus_deploy | octopus_server | >= unspecified < 2023.1.9672 | 2023.1.9672 |
CVSS provenance
nvd · v3.1 · 4.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vendor_redhat · 5.5 · MEDIUM
GHSA
GHSA-79mw-p7qm-h4wp: In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items
ghsa_unreviewed·2023-03-13
CVE-2022-2258 [MEDIUM] CWE-862 GHSA-79mw-p7qm-h4wp: In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items
Red Hat
kernel: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
vendor_redhat·2024-04-28·CVSS 5.5
CVE-2022-48631 [MEDIUM] CWE-20 kernel: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
When walking through an inode extents, the ext4_ext_binsearch_idx() function
assumes that the extent header has been previously validated. However, there
are no checks that verify that the number of entries (eh->eh_entries) is
non-zero when depth is > 0. And this will lead to problems because the
EXT_FIRST_INDEX() and EXT_LAST_INDEX() will return garbage and result in this:
[ 135.245946] ------------[ cut here ]------------
[ 135.247579] kernel BUG at fs/ext4/extents.c:2258!
[ 135.249045] invalid opcode: 0000 [#1] PREEMPT SMP
[ 135.250320] CPU: 2 PID: 238 Comm: tmp118 Not ta
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-03-13