CVE-2022-2783

Summary

In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server3.12.0 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.1.3154affected
Octopus DeployOctopus Server2022.2.6729 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.2.7897affected
Octopus DeployOctopus Server2022.3.348 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.3.10586affected

Weaknesses

  • CSRF

ADP Enrichment

CVE Program Container

Additional References

References