Security Vulnerability in Octopus Server Allows Unauthorized Access to User Data
CVE-2024-4226

3.5LOW

Key Information:

Vendor: Octopus Deploy
Status: Octopus Server
Vendor: CVE Published:; 30 April 2024

🔔 Create Octopus Deploy Vulnerability Alert

What is CVE-2024-4226?

It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Octopus Server Windows 2022.2.5205 < 2022.2.7934

Octopus Server Windows 2022.3.348 < 2022.3.9163

References

https://advisories.octopus.com/post/2024/SA2024-03/

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 30, 2024
Vulnerability Reserved
Apr 26, 2024

JSON

Octopus Deploy