CVE-2022-30532 - OpenCVE

In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Octopus	Octopus Server
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:octopus:octopus_server::::::::
	cpe:2.3:a:octopus:octopus_server::::::::
	cpe:2.3:a:octopus:octopus_server::::::::

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

References

Link	Resource
https://advisories.octopus.com/post/2022/sa2022-08/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Octopus

Published: 2022-07-19T06:50:10

Updated: 2022-07-19T06:50:10

Reserved: 2022-06-06T00:00:00

Link: CVE-2022-30532

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-19T07:15:07.287

Modified: 2022-08-18T13:49:54.553

Link: CVE-2022-30532

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Octopus Server", "vendor": "Octopus Deploy", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "0.9", "versionType": "custom"}, {"lessThan": "2021.3.13021", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "2022.1.2121", "versionType": "custom"}, {"lessThan": "2022.1.2849", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "2022.3.348", "versionType": "custom"}, {"lessThan": "2022.3.2387", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy."}], "problemTypes": [{"descriptions": [{"description": "Insufficient Logging", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-19T06:50:10", "orgId": "6f4f8c89-ef06-4bae-a2a5-6734ddf76272", "shortName": "Octopus"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://advisories.octopus.com/post/2022/sa2022-08/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@octopus.com", "ID": "CVE-2022-30532", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Octopus Server", "version": {"version_data": [{"version_affected": ">=", "version_value": "0.9"}, {"version_affected": "<", "version_value": "2021.3.13021"}, {"version_affected": ">=", "version_value": "2022.1.2121"}, {"version_affected": "<", "version_value": "2022.1.2849"}, {"version_affected": ">=", "version_value": "2022.3.348"}, {"version_affected": "<", "version_value": "2022.3.2387"}]}}]}, "vendor_name": "Octopus Deploy"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient Logging"}]}]}, "references": {"reference_data": [{"name": "https://advisories.octopus.com/post/2022/sa2022-08/", "refsource": "MISC", "url": "https://advisories.octopus.com/post/2022/sa2022-08/"}]}}}}, "cveMetadata": {"assignerOrgId": "6f4f8c89-ef06-4bae-a2a5-6734ddf76272", "assignerShortName": "Octopus", "cveId": "CVE-2022-30532", "datePublished": "2022-07-19T06:50:10", "dateReserved": "2022-06-06T00:00:00", "dateUpdated": "2022-07-19T06:50:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C9C9971-0C67-4287-8EEF-3F3DF901AB0F", "versionEndExcluding": "2021.3.13021", "versionStartIncluding": "0.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C7F32C0-EBF2-42CB-95DA-8D146E99689B", "versionEndExcluding": "2022.1.2849", "versionStartIncluding": "2022.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F8976F6-C318-48BE-BC03-788FB43C3C95", "versionEndExcluding": "2022.3.2387", "versionStartIncluding": "2022.3.348", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy."}, {"lang": "es", "value": "En las versiones afectadas de Octopus Deploy, no se presenta registro de los cambios en los artefactos dentro de Octopus Deploy.\n"}], "id": "CVE-2022-30532", "lastModified": "2022-08-18T13:49:54.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-19T07:15:07.287", "references": [{"source": "security@octopus.com", "tags": ["Vendor Advisory"], "url": "https://advisories.octopus.com/post/2022/sa2022-08/"}], "sourceIdentifier": "security@octopus.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}