cbcvebase.
CVE-2022-2258
published 2023-03-13

CVE-2022-2258: In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items

PriorityP419medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
0.50%
38.7th percentile
In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items

Affected

10 ranges
VendorProductVersion rangeFixed in
octopusoctopus_server
octopusoctopus_server>= 2019.1.0 < 2022.3.110982022.3.11098
octopusoctopus_server>= 2022.4.791 < 2022.4.84632022.4.8463
octopusoctopus_server>= 2023.1.4189 < 2023.1.96722023.1.9672
octopus_deployoctopus_server>= 2019.1.0 < unspecifiedunspecified
octopus_deployoctopus_server>= 2022.4.791 < unspecifiedunspecified
octopus_deployoctopus_server>= 2023.1.4189 < unspecifiedunspecified
octopus_deployoctopus_server>= unspecified < 2022.3.110982022.3.11098
octopus_deployoctopus_server>= unspecified < 2022.4.84632022.4.8463
octopus_deployoctopus_server>= unspecified < 2023.1.96722023.1.9672

CVSS provenance

nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.