Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Octopus Server 授权问题漏洞
Vulnerability Description
Octopus Server是一个自动化部署平台。 Octopus Server 存在授权问题漏洞,该漏洞源于访问权限由外部身份验证提供商管理,在访问权限被撤销后,禁用或删除用户的 API 密钥可能仍然有效,以下产品和版本受到影响:Octopus Server 2022.1.3264、2022.2.8277、2022.3.10586、2022.4.2898。
CVSS Information
N/A
Vulnerability Type
N/A