CVE-2022-2075
published 2022-08-19CVE-2022-2075: In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
PriorityP336high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.66%
46.8th percentile
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | octopus_server | 0.9 – 0.9.620.4 | — |
| octopus | octopus_server | 1.0 – 1.6.3.1723 | — |
| octopus | octopus_server | 2.0 – 2.6.5 | — |
| octopus | octopus_server | 2018.1.0 – 2018.12.1 | — |
| octopus | octopus_server | 2019.1.0 – 2019.13.7 | — |
| octopus | octopus_server | 2020.1.0 – 2020.6.5449 | — |
| octopus | octopus_server | 2021.1.6959 – 2021.3.13021 | — |
| octopus | octopus_server | >= 2022.1.0 < 2022.1.2894 | 2022.1.2894 |
| octopus | octopus_server | >= 2022.2.6729 < 2022.2.6872 | 2022.2.6872 |
| octopus | octopus_server | >= 2022.3.348 < 2022.3.4953 | 2022.3.4953 |
| octopus | octopus_server | 3.0.0 – 3.17.14 | — |
| octopus | octopus_server | 4.0.4 – 4.1.10 | — |
| octopus_deploy | octopus_server | >= 0.9 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.2.6729 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.3.348 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2022.1.2894 | 2022.1.2894 |
| octopus_deploy | octopus_server | >= unspecified < 2022.2.6872 | 2022.2.6872 |
| octopus_deploy | octopus_server | >= unspecified < 2022.3.4953 | 2022.3.4953 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
2022-08-19
Published