cbcvebase.
CVE-2022-2259
published 2023-03-13

CVE-2022-2259: In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items

PriorityP419medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
0.43%
34.7th percentile
In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items

Affected

10 ranges
VendorProductVersion rangeFixed in
octopusoctopus_server
octopusoctopus_server>= 2019.1.0 < 2022.3.110982022.3.11098
octopusoctopus_server>= 2022.4.791 < 2022.4.84632022.4.8463
octopusoctopus_server>= 2023.1.4189 < 2023.1.96722023.1.9672
octopus_deployoctopus_server>= 2019.1.0 < unspecifiedunspecified
octopus_deployoctopus_server>= 2022.4.791 < unspecifiedunspecified
octopus_deployoctopus_server>= 2023.1.4189 < unspecifiedunspecified
octopus_deployoctopus_server>= unspecified < 2022.3.110982022.3.11098
octopus_deployoctopus_server>= unspecified < 2022.4.84632022.4.8463
octopus_deployoctopus_server>= unspecified < 2023.1.96722023.1.9672
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.