CVE-2022-2828
published 2022-10-13


Priority: P4 · 34
CVSS 3.1: 6.5 (medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.53% (40.6th percentile)
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability.

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | octopus_server | 2022.1.2121 – 2022.1.3135 | |
| octopus | octopus_server | 2022.2.0 – 2022.2.7897 | |
| octopus | octopus_server | 2022.3.0 – 2022.3.10586 | |
| octopus_deploy | octopus_server | >= 2022.1.2121 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.2.6729 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.3.348 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2022.1.3135 | 2022.1.3135 |
| octopus_deploy | octopus_server | >= unspecified < 2022.2.7897 | 2022.2.7897 |
| octopus_deploy | octopus_server | >= unspecified < 2022.3.10586 | 2022.3.10586 |