Lucene search
HistoryAug 19, 2022 - 9:15 a.m.
CVE-2022-2075
octopus deploy
regex dos
vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
38.4%
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
Affected configurations
Node
octopusoctopus_serverRange0.9–0.9.620.4
ORoctopusoctopus_serverRange1.0–1.6.3.1723
ORoctopusoctopus_serverRange2.0–2.6.5
ORoctopusoctopus_serverRange3.0.0–3.17.14
ORoctopusoctopus_serverRange4.0.4–4.1.10
ORoctopusoctopus_serverRange2018.1.0–2018.12.1
ORoctopusoctopus_serverRange2019.1.0–2019.13.7
ORoctopusoctopus_serverRange2020.1.0–2020.6.5449
ORoctopusoctopus_serverRange2021.1.6959–2021.3.13021
ORoctopusoctopus_serverRange2022.1.0–2022.1.2894
ORoctopusoctopus_serverRange2022.2.6729–2022.2.6872
ORoctopusoctopus_serverRange2022.3.348–2022.3.4953
linuxlinux_kernelMatch-
ORmicrosoftwindowsMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| octopus | octopus_server | * | cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:* |
| linux | linux_kernel | - | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| microsoft | windows | - | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2022-08-19 09:15:00
cvelist
cvelist
CVE-2022-2075
2022-08-19 09:10:09
cve
cve
CVE-2022-2075
2022-08-19 09:15:08
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
38.4%
Related for NVD:CVE-2022-2075