CVE-2022-2760

CVSS 4.3 MEDIUMEPSS 0.4%CWE-209

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Octopus Deploy · Octopus Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://advisories.octopus.com/post/2022/sa2022-14/