CVE-2022-2049 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2022-2049

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.

Published: Aug 19, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-2049
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
octopus / octopus_server	0.9	0.9.620.4.x
octopus / octopus_server	1.0	1.6.3.1723.x
octopus / octopus_server	2.0	2.6.5.x
octopus / octopus_server	3.0.0	3.17.14.x
octopus / octopus_server	4.0.4	4.1.10.x
octopus / octopus_server	2018.1.0	2018.12.1.x
octopus / octopus_server	2019.1.0	2019.13.7.x
octopus / octopus_server	2020.1.0	2020.6.5449.x
octopus / octopus_server	2021.1.6959	2021.3.13021.x
octopus / octopus_server	2022.1.0	2022.1.2894
octopus / octopus_server	2022.2.6729	2022.2.6872
octopus / octopus_server	2022.3.348	2022.3.4953

https://advisories.octopus.com/post/2022/sa2022-10/