It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
References
Link | Resource |
---|---|
https://advisories.octopus.com/post/2024/SA2024-03/ |
Configurations
No configuration.
History
30 Apr 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-30 02:15
Updated : 2024-04-30 13:11
NVD link : CVE-2024-4226
Mitre link : CVE-2024-4226
CVE.ORG link : CVE-2024-4226
JSON object : View
Products Affected
No product.
CWE
No CWE.