CVE-2022-2013

High

7.5/10

Summary

In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

References

Advisory Timeline

Published Jun 13, 2022

CVE-2022-2013

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS