Lucene search

[email protected]NVD:CVE-2022-2507

HistoryApr 19, 2023 - 8:15 a.m.

CVE-2022-2507

2023-04-1908:15:07

[email protected]

web.nvd.nist.gov

octopus deploy

webpage vulnerability

user input

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage

Affected configurations

Nvd

Node

octopusoctopus_serverRange<2023.1.9794

octopusoctopus_serverRange2022.4.0–2022.4.8332

octopusoctopus_serverRange2023.1.0–2023.1.6715

VendorProductVersionCPE
octopusoctopus_server*cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
octopus	octopus_server	*	cpe:2.3:a:octopus:octopus_server::::::::

References

advisories.octopus.com/post/2023/sa2023-06/

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2022-2507

cvelist1 cve1 prion1