It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://advisories.octopus.com/post/2024/SA2024-03/ |
History
Wed, 04 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-276 | |
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Octopus
Published: 2024-04-30T01:53:34.277Z
Updated: 2024-12-04T17:19:41.428Z
Reserved: 2024-04-26T03:52:25.114Z
Link: CVE-2024-4226
Vulnrichment
Updated: 2024-08-01T20:33:52.915Z
NVD
Status : Awaiting Analysis
Published: 2024-04-30T02:15:06.577
Modified: 2024-12-04T18:15:15.330
Link: CVE-2024-4226
Redhat
No data.