CVE-2022-2721
Published 2022-11-25
Priority P3 · 40 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.56% (42.3 percentile)
In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plain text when verbose logging is enabled.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | octopus_server | >= 2022.2.6729 < 2022.2.7965 | 2022.2.7965 |
| octopus | octopus_server | >= 2022.3.348 < 2022.3.9163 | 2022.3.9163 |
| octopus_deploy | octopus_server | >= 2022.2.6729 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.3.348 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2022.2.7965 | 2022.2.7965 |
| octopus_deploy | octopus_server | >= unspecified < 2022.3.9163 | 2022.3.9163 |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vendor_redhat · 5.5 · MEDIUM
VulDB
Octopus Server log file (EUVD-2022-34963)
vuldb·2026-05-27·CVSS 7.5
CVE-2022-2721 [HIGH] Octopus Server log file (EUVD-2022-34963)
A vulnerability described as problematic has been identified in Octopus Server. This impacts an unknown function. Executing a manipulation can lead to sensitive information in log files.
This vulnerability is handled as CVE-2022-2721. The attack can only be done within the local network. There is not any exploit available.
GHSA
GHSA-wxc6-2xqr-q2pg: In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plain text in
ghsa_unreviewed·2022-11-25
CVE-2022-2721 [HIGH] CWE-532 GHSA-wxc6-2xqr-q2pg: In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plain text in
In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plain text when verbose logging is enabled.
Red Hat
kernel: ext4: avoid crash when inline data creation follows DIO write
vendor_redhat·2025-10-01·CVSS 5.5
CVE-2022-50435 [MEDIUM] CWE-664 kernel: ext4: avoid crash when inline data creation follows DIO write
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid crash when inline data creation follows DIO write
When inode is created and written to using direct IO, there is nothing
to clear the EXT4_STATE_MAY_INLINE_DATA flag. Thus when inode gets
truncated later to say 1 byte and written using normal write, we will
try to store the data as inline data. This confuses the code later
because the inode now has both normal block and inline data allocated
and the confusion manifests for example as:
kernel BUG at fs/ext4/inode.c:2721!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 359 Comm: repro Not tainted 5.19.0-rc8-00001-g31ba1e3b8305-dirty #15
Hardware name: QEMU Standard PC (i440FX + PIIX, 1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.