CVE-2022-2507
published 2023-04-19
CVE-2022-2507: In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
Priority P4 · 28 · medium · 5.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS 0.42% · 33.4th percentile
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | octopus_server | < 2023.1.9794 | 2023.1.9794 |
| octopus | octopus_server | >= 2022.4.0 < 2022.4.8332 | 2022.4.8332 |
| octopus | octopus_server | >= 2023.1.0 < 2023.1.6715 | 2023.1.6715 |
| octopus_deploy | octopus_server | >= 0.9 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.3.348 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.4.791 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2022.3.10957 | 2022.3.10957 |
| octopus_deploy | octopus_server | >= unspecified < 2022.4.8332 | 2022.4.8332 |
| octopus_deploy | octopus_server | >= unspecified < 2023.1.6715 | 2023.1.6715 |
VulDB
Octopus Deploy cross site scripting (EUVD-2022-34765)
vuldb·2026-05-26·CVSS 5.3
CVE-2022-2507 [MEDIUM] Octopus Deploy cross site scripting (EUVD-2022-34765)
A vulnerability labeled as problematic has been found in Octopus Deploy. Affected by this issue is some unknown functionality. Executing a manipulation can lead to cross site scripting.
This vulnerability is registered as CVE-2022-2507. It is possible to launch the attack remotely. No exploit is available.
GHSA
GHSA-76vv-65xc-fv9q: In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
ghsa_unreviewed·2023-04-19
CVE-2022-2507 [MEDIUM] CWE-79 GHSA-76vv-65xc-fv9q: In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published 2023-04-19