CVE-2022-1901
Published 2022-08-19
CVE-2022-1901: In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.
Priority P4 · 26 · medium · 5.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.46% (36.2th percentile)
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | octopus_server | 2019.1.0 – 2019.7.3 | — |
| octopus | octopus_server | 2020.1.0 – 2020.6.5449 | — |
| octopus | octopus_server | 2021.1.6959 – 2021.3.13021 | — |
| octopus | octopus_server | >= 2022.1.0 < 2022.1.3009 | 2022.1.3009 |
| octopus | octopus_server | >= 2022.2.6729 < 2022.2.7244 | 2022.2.7244 |
| octopus | octopus_server | >= 2022.3.348 < 2022.3.4953 | 2022.3.4953 |
| octopus_deploy | octopus_server | >= 2019.7.3 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.2.6729 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.3.348 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2022.1.3009 | 2022.1.3009 |
| octopus_deploy | octopus_server | >= unspecified < 2022.2.7244 | 2022.2.7244 |
| octopus_deploy | octopus_server | >= unspecified < 2022.3.4953 | 2022.3.4953 |
CVSS provenance
nvd · v3.1 · 5.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vendor_redhat · 5.5 · MEDIUM
GHSA
GHSA-rrhg-rvvx-6575: In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview
ghsa_unreviewed·2022-08-20
CVE-2022-1901 [MEDIUM] CWE-200 GHSA-rrhg-rvvx-6575: In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview
Red Hat
kernel: clean up hook list when offload flags check fails
vendor_redhat·2024-05-03·CVSS 5.5
CVE-2022-48691 [MEDIUM] kernel: clean up hook list when offload flags check fails
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: clean up hook list when offload flags check fails
splice back the hook list so nft_chain_release_hook() has a chance to
release the hooks.
BUG: memory leak
unreferenced object 0xffff88810180b100 (size 96):
comm "syz-executor133", pid 3619, jiffies 4294945714 (age 12.690s)
hex dump (first 32 bytes):
28 64 23 02 81 88 ff ff 28 64 23 02 81 88 ff ff (d#.....(d#.....
90 a8 aa 83 ff ff ff ff 00 00 b5 0f 81 88 ff ff ................
backtrace:
[] kmalloc include/linux/slab.h:600 [inline]
[] nft_netdev_hook_alloc+0x3b/0xc0 net/netfilter/nf_tables_api.c:1901
[] nft_chain_parse_netdev net/netfilter/nf_tables_api.c:1998 [inline]
[] nft_chain_parse_hook+0
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-08-19