Bypassing User Invitation Code Validity to Create Extra User Accounts

Bypassing User Invitation Code Validity to Create Extra User Accounts

CVE-2022-1670 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users.

Learn more about our Cis Benchmark Audit For Server Software.