CVE-2022-2781

Summary

In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server3.2.10 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.1.3154affected
Octopus DeployOctopus Server2022.2.6729 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.2.7897affected
Octopus DeployOctopus Server2022.3.348 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.3.10586affected

Weaknesses

  • Encryption

ADP Enrichment

CVE Program Container

Additional References

References