CVE-2022-2075

Summary

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server0.9 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.1.2894affected
Octopus DeployOctopus Server2022.2.6729 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.2.6872affected
Octopus DeployOctopus Server2022.3.348 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.3.4953affected

Weaknesses

  • Regex Denial of Service

ADP Enrichment

CVE Program Container

Additional References

References