Vulnerability Details CVE-2022-2013
In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
References
Products affected by CVE-2022-2013
-
cpe:2.3:a:octopus:octopus_deploy:*
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-