CVE-2022-1881 Information

Description

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.

Reference

https://advisories.octopus.com/post/2022/sa2022-06/