CVE-2022-29890

Summary

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2019.7.0 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2021.3.13021affected
Octopus DeployOctopus Server2022.1.2121 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.1.2894affected
Octopus DeployOctopus Server2022.2.6729 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.2.6971affected
Octopus DeployOctopus Server2022.3.348 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.3.2387affected

Weaknesses

  • Stored Cross-Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References