Vulnerability Details CVE-2024-4226
It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.7%
CVSS Severity
CVSS v3 Score 3.5
References
Products affected by CVE-2024-4226
-
cpe:2.3:a:octopus:octopus_server:2022.2.6729
-
cpe:2.3:a:octopus:octopus_server:2022.2.6764
-
cpe:2.3:a:octopus:octopus_server:2022.2.6832
-
cpe:2.3:a:octopus:octopus_server:2022.2.6849
-
cpe:2.3:a:octopus:octopus_server:2022.2.6872
-
cpe:2.3:a:octopus:octopus_server:2022.2.6895
-
cpe:2.3:a:octopus:octopus_server:2022.2.6971
-
cpe:2.3:a:octopus:octopus_server:2022.2.7718
-
cpe:2.3:a:octopus:octopus_server:2022.2.7897
-
cpe:2.3:a:octopus:octopus_server:2022.3.1455
-
cpe:2.3:a:octopus:octopus_server:2022.3.1591
-
cpe:2.3:a:octopus:octopus_server:2022.3.2140
-
cpe:2.3:a:octopus:octopus_server:2022.3.2387
-
cpe:2.3:a:octopus:octopus_server:2022.3.2616
-
cpe:2.3:a:octopus:octopus_server:2022.3.348
-
cpe:2.3:a:octopus:octopus_server:2022.3.4953
-
cpe:2.3:a:octopus:octopus_server:2022.3.5512
-
cpe:2.3:a:octopus:octopus_server:2022.3.7274
-
cpe:2.3:a:octopus:octopus_server:2022.3.7782