It was identified that in certain versions of Octopus Server, a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
History

Wed, 04 Dec 2024 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-276
Metrics ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: Octopus

Published: 2024-04-30T01:53:34.277Z

Updated: 2024-12-04T17:19:41.428Z

Reserved: 2024-04-26T03:52:25.114Z

Link: CVE-2024-4226

Vulnrichment

Updated: 2024-08-01T20:33:52.915Z

NVD

Status: Awaiting Analysis

Published: 2024-04-30T02:15:06.577

Modified: 2024-12-04T18:15:15.330

Link: CVE-2024-4226

Redhat

No data.