CVE-2022-2781

In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://advisories.octopus.com/post/2022/sa2022-16/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:octopus:octopus_server::::::::
	cpe:2.3:a:octopus:octopus_server::::::::
	cpe:2.3:a:octopus:octopus_server::::::::

History

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE	~~CWE-326~~	CWE-327

11 Oct 2022, 05:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.cve.org/CVERecord?id=CVE-2022-2781', 'name': 'https://www.cve.org/CVERecord?id=CVE-2022-2781', 'tags': [], 'refsource': 'MISC'}~~

11 Oct 2022, 04:15

Type	Values Removed	Values Added
References		(MISC) https://www.cve.org/CVERecord?id=CVE-2022-2781 -

07 Oct 2022, 16:22

Type	Values Removed	Values Added
CPE		cpe:2.3:a:octopus:octopus_server::::::::
First Time		Octopus octopus Server Octopus
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CWE		CWE-326
References	~~(MISC) https://advisories.octopus.com/post/2022/sa2022-16/ -~~	(MISC) https://advisories.octopus.com/post/2022/sa2022-16/ - Vendor Advisory

06 Oct 2022, 18:44

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-10-06 18:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-2781

Mitre link : CVE-2022-2781

CVE.ORG link : CVE-2022-2781

JSON object : View

Products Affected

octopus

octopus_server

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

5.3 /10