CVE-2022-2783

Published: Oct 6, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token

Affected (3)

Products: Octopus: Octopus Server

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Octopus Octopus Server	From 2022.2.6729 to 2022.2.7897
Octopus Octopus Server	From 2022.3.348 to 2022.3.10586
Octopus Octopus Server	From 3.12.0 to 2022.1.3154

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://advisories.octopus.com/post/2022/sa2022-17/

Source: security@octopus.com

Vendor Advisory

https://advisories.octopus.com/post/2022/sa2022-17/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.