Unrated severityNVD Advisory· Published Jul 15, 2022· Updated Aug 3, 2024

CVE-2022-1881

Description

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.

Affected products

Octopus/Servercpe-rescue
Range: 2021.1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

advisories.octopus.com/post/2022/sa2022-06/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000