CVE-2024-7998

Summary

In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2022.4.8332 < 2024.1.12931affected
Octopus DeployOctopus Server2024.1.437 < 2024.1.12931affected
Octopus DeployOctopus Server2024.2.101 < 2024.2.9313affected

Weaknesses

  • Incorrect OIDC cookie expiration time

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References