CVE-2022-2075
published 2022-08-19

CVE-2022-2075: In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.

Priority: P3 36
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.66% (46.8th percentile)

Affected

18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | octopus_server | 0.9 – 0.9.620.4 | |
| octopus | octopus_server | 1.0 – 1.6.3.1723 | |
| octopus | octopus_server | 2.0 – 2.6.5 | |
| octopus | octopus_server | 2018.1.0 – 2018.12.1 | |
| octopus | octopus_server | 2019.1.0 – 2019.13.7 | |
| octopus | octopus_server | 2020.1.0 – 2020.6.5449 | |
| octopus | octopus_server | 2021.1.6959 – 2021.3.13021 | |
| octopus | octopus_server | >= 2022.1.0 < 2022.1.2894 | 2022.1.2894 |
| octopus | octopus_server | >= 2022.2.6729 < 2022.2.6872 | 2022.2.6872 |
| octopus | octopus_server | >= 2022.3.348 < 2022.3.4953 | 2022.3.4953 |
| octopus | octopus_server | 3.0.0 – 3.17.14 | |
| octopus | octopus_server | 4.0.4 – 4.1.10 | |
| octopus_deploy | octopus_server | >= 0.9 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.2.6729 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.3.348 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2022.1.2894 | 2022.1.2894 |
| octopus_deploy | octopus_server | >= unspecified < 2022.2.6872 | 2022.2.6872 |
| octopus_deploy | octopus_server | >= unspecified < 2022.3.4953 | 2022.3.4953 |