CVE-2024-4226

It was identified that in certain versions of Octopus Server, a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.

Configurations

Configuration 1

OR cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*

History

27 Jun 2025, 14:42

Type Values Removed Values Added
CPE cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
References () https://advisories.octopus.com/post/2024/SA2024-03/ - () https://advisories.octopus.com/post/2024/SA2024-03/ - Broken Link
First Time Octopus octopus Server
Octopus

04 Dec 2024, 18:15

Type Values Removed Values Added
CWE CWE-276

21 Nov 2024, 09:42

Type Values Removed Values Added
References () https://advisories.octopus.com/post/2024/SA2024-03/ - () https://advisories.octopus.com/post/2024/SA2024-03/ -
Summary
  • (es) It was identified that in certain versions of Octopus Server, a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.

30 Apr 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-30 02:15

Updated : 2025-06-27 14:42


NVD link : CVE-2024-4226

Mitre link : CVE-2024-4226

CVE.ORG link : CVE-2024-4226


Products Affected

octopus

  • octopus_server

CWE
CWE-276

Incorrect Default Permissions