← Back

CVE-2022-23184

nvd nist
Published: Feb 7, 2022Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.

Affected (4)

Octopus
2 products
Octopus Deploy
Octopus Server
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Octopus
Octopus Deploy
From 0.9 to 4.1.10
Octopus Deploy
From 2018.1.0 to 2020.1.1
Octopus
Octopus Server
From 2021.2.0 to 2021.2.8011
Octopus Server
From 2021.3.0 to 2021.3.11057

Related CWEs

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

Source: security@octopus.com
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory

Timeline

No history available yet.