CVE-2024-4226
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
30/04/2024
Last modified:
27/06/2025
Description
It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
Impact
Base Score 3.x
3.50
Severity 3.x
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:* | 2022.2.6729 (including) | 2022.2.7934 (excluding) |
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:* | 2022.3.348 (including) | 2022.3.9163 (excluding) |
To consult the complete list of CPE names with products and versions, see this page