{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-1502",
        "ASSIGNER": "security@octopus.com",
        "STATE": "PUBLIC"
    },
    "affects": {
      "vendor": {
        "vendor_data": [
          {
            "vendor_name": "Octopus Deploy",
            "product": {
              "product_data": [
                {
                  "product_name": "Octopus Server",
                  "version": {
                    "version_data": [
                      {
                          "version_value": "<",
                          "version_affected": "2022.1.2454"
                      },
                      {
                         "version_value": "<",
                         "version_affected": "2021.3.12725"
                      }
                    ]
                  }
                }
              ]
            }
          }
        ]
      }
    },
    "problemtype": {
      "problemtype_data": [
        {
          "description": [
            {
              "lang": "eng",
              "value": "Broken access control in API for projects using Git VCS in Octopus Server"
            }
          ]
        }
      ]
    },
    "references": {
      "reference_data": [
        {
            "url": "https://advisories.octopus.com/post/2022/sa2022-03/",
            "refsource": "MISC",
            "name": "https://advisories.octopus.com/post/2022/sa2022-03/"
        }
      ]
    },
    "description": {
      "description_data": [
        {
          "lang": "eng",
          "value": "Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions."
        }
      ]
    }
}