Vulnerability Details CVE-2022-1502
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.7%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 3.5
References
Products affected by CVE-2022-1502
-
cpe:2.3:a:octopus:server:2021.3.12120
-
cpe:2.3:a:octopus:server:2021.3.12132
-
cpe:2.3:a:octopus:server:2021.3.12313
-
cpe:2.3:a:octopus:server:2021.3.12355
-
cpe:2.3:a:octopus:server:2021.3.12372
-
cpe:2.3:a:octopus:server:2021.3.12461
-
cpe:2.3:a:octopus:server:2021.3.12534
-
cpe:2.3:a:octopus:server:2021.3.12582
-
cpe:2.3:a:octopus:server:2021.3.12605
-
cpe:2.3:a:octopus:server:2021.3.12646
-
cpe:2.3:a:octopus:server:2021.3.12694
-
cpe:2.3:a:octopus:server:2021.3.12714
-
cpe:2.3:a:octopus:server:2021.3.8275
-
cpe:2.3:a:octopus:server:2022.1.2121
-
cpe:2.3:a:octopus:server:2022.1.2128
-
cpe:2.3:a:octopus:server:2022.1.2133
-
cpe:2.3:a:octopus:server:2022.1.2232
-
cpe:2.3:a:octopus:server:2022.1.2264
-
cpe:2.3:a:octopus:server:2022.1.2274
-
cpe:2.3:a:octopus:server:2022.1.2278
-
cpe:2.3:a:octopus:server:2022.1.2300
-
cpe:2.3:a:octopus:server:2022.1.2332
-
cpe:2.3:a:octopus:server:2022.1.2342
-
cpe:2.3:a:octopus:server:2022.1.2364
-
cpe:2.3:a:octopus:server:2022.1.2386
-
cpe:2.3:a:octopus:server:2022.1.2412
-
cpe:2.3:a:octopus:server:2022.1.2438