CVE-2022-2781

EUVD-2022-35022
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
octopusoctopus_server
3.2.10 ≤
𝑥
< 2022.1.3154
octopusoctopus_server
2022.2.6729 ≤
𝑥
< 2022.2.7897
octopusoctopus_server
2022.3.348 ≤
𝑥
< 2022.3.10586
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://advisories.octopus.com/post/2022/sa2022-16/
https://advisories.octopus.com/post/2022/sa2022-16/