CVE-2022-4008

2023-05-1000:00:00

Octopus

www.cve.org

octopus deploy

upload vulnerability

zipbomb file

denial of service

0.0004 Low

EPSS

Percentile

12.9%

JSON

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

CNA Affected

[
  {
    "vendor": "Octopus Deploy",
    "product": "Octopus Tentacle",
    "versions": [
      {
        "version": "0.9",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThan": "2022.3.11043",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "2022.4.791",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThan": "2022.4.8401",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

advisories.octopus.com/post/2023/sa2023-08/

0.0004 Low

EPSS

Percentile

12.9%

JSON

Related for CVELIST:CVE-2022-4008