CVE-2022-2780

Published: Oct 14, 2022Modified: May 15, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack.

Affected (3)

Products: Octopus: Octopus Server

Octopus

1 product

Octopus Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Octopus Octopus Server	From 2021.2.994 to 2022.1.3180
Octopus Octopus Server	From 2022.2.6729 to 2022.2.7965
Octopus Octopus Server	From 2022.3.348 to 2022.3.10586

Related CWEs

CWE-294

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (2)

https://advisories.octopus.com/post/2022/sa2022-20/

Source: security@octopus.com

Vendor Advisory

https://advisories.octopus.com/post/2022/sa2022-20/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.