Lucene search
HistoryAug 19, 2022 - 9:15 a.m.
CVE-2022-2049
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
38.6%
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
Affected configurations
Node
octopusoctopus_serverRange0.9–0.9.620.4
ORoctopusoctopus_serverRange1.0–1.6.3.1723
ORoctopusoctopus_serverRange2.0–2.6.5
ORoctopusoctopus_serverRange3.0.0–3.17.14
ORoctopusoctopus_serverRange4.0.4–4.1.10
ORoctopusoctopus_serverRange2018.1.0–2018.12.1
ORoctopusoctopus_serverRange2019.1.0–2019.13.7
ORoctopusoctopus_serverRange2020.1.0–2020.6.5449
ORoctopusoctopus_serverRange2021.1.6959–2021.3.13021
ORoctopusoctopus_serverRange2022.1.0–2022.1.2894
ORoctopusoctopus_serverRange2022.2.6729–2022.2.6872
ORoctopusoctopus_serverRange2022.3.348–2022.3.4953
linuxlinux_kernelMatch-
ORmicrosoftwindowsMatch-
Related
cve
cve
CVE-2022-2049
2022-08-19 09:15:08
cvelist
cvelist
CVE-2022-2049
2022-08-19 08:45:14
prion
prion
Design/Logic Flaw
2022-08-19 09:15:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
38.6%
Related for NVD:CVE-2022-2049