create CVE-2022-1502

2022/1xxx/CVE-2022-1502.json

@@ -0,0 +1,67 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2022-1502",
+        "ASSIGNER": "security@octopus.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+      "vendor": {
+        "vendor_data": [
+          {
+            "vendor_name": "Octopus Deploy",
+            "product": {
+              "product_data": [
+                {
+                  "product_name": "Octopus Server",
+                  "version": {
+                    "version_data": [
+                      {
+                          "version_value": "<",
+                          "version_affected": "2022.1.2454"
+                      },
+                      {
+                         "version_value": "<",
+                         "version_affected": "2021.3.12725"
+                      }
+                    ]
+                  }
+                }
+              ]
+            }
+          }
+        ]
+      }
+    },
+    "problemtype": {
+      "problemtype_data": [
+        {
+          "description": [
+            {
+              "lang": "eng",
+              "value": "Broken access control in API for projects using Git VCS in Octopus Server"
+            }
+          ]
+        }
+      ]
+    },
+    "references": {
+      "reference_data": [
+        {
+            "url": "https://advisories.octopus.com/post/2022/sa2022-03/",
+            "refsource": "MISC",
+            "name": "https://advisories.octopus.com/post/2022/sa2022-03/"
+        }
+      ]
+    },
+    "description": {
+      "description_data": [
+        {
+          "lang": "eng",
+          "value": "Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions."
+        }
+      ]
+    }
+}