It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
References
Link | Resource |
---|---|
https://advisories.octopus.com/post/2024/SA2024-03/ | Broken Link |
https://advisories.octopus.com/post/2024/SA2024-03/ | Broken Link |
Configurations
Configuration 1 (hide)
|
History
27 Jun 2025, 14:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:* | |
References | () https://advisories.octopus.com/post/2024/SA2024-03/ - Broken Link | |
First Time |
Octopus octopus Server
Octopus |
04 Dec 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-276 |
21 Nov 2024, 09:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://advisories.octopus.com/post/2024/SA2024-03/ - | |
Summary |
|
30 Apr 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-30 02:15
Updated : 2025-06-27 14:42
NVD link : CVE-2024-4226
Mitre link : CVE-2024-4226
CVE.ORG link : CVE-2024-4226
JSON object : View
Products Affected
octopus
- octopus_server
CWE
CWE-276
Incorrect Default Permissions