Octopus: >> Octopus Server >> 2022.3.348 Security Vulnerabilities
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-07-15
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-07-15
Page 5