Skip to main content

Generation of Error Message Containing Sensitive Information

CVE-2022-2760

Severity Medium
Score 4.3/10

Summary

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • LOW
  • NONE

CWE-209 - Generation of Error Message Containing Sensitive Information

The software generates an error message that includes sensitive information about its environment, users, or associated data.

References

Advisory Timeline

  • Published