CVE-2022-2780
Published 2022-10-14
Priority P3 (42) · Severity high · CVSS 3.1 base score 8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 0.51% (39.6th percentile)
In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. The outbound SMB connection is made by the Octopus Server process itself, so the NTLM authentication it carries belongs to the service account the server runs as; an attacker who can point the connectivity test at a host they control can capture that authentication and relay it to another host that still accepts NTLM. Fixed in 2022.1.3180, 2022.2.7965 and 2022.3.10586 (see Affected below).
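The advisory does not say which form of repository URL makes the connectivity test reach out over SMB. The example below assumes the usual coercion vector for a Windows service: a UNC path (\\host\share), a scheme-relative //host/share, or a file:// URL handed to git, which the OS resolves over SMB 445 and authenticates with the service account's NTLM credentials. It is an added example, not Octopus Server's own validation code: classify_git_url and build_connectivity_check are hypothetical names, ALLOWED_SCHEMES is an assumed policy (HTTPS and SSH only), and the sample URLs are constructed. It also goes beyond the single reported case by rejecting the other local-transport forms git accepts (drive-letter paths, ext:: and other remote helpers), and it runs the test with git's own protocol restriction (GIT_ALLOW_PROTOCOL, protocol.file.allow=never) as a second layer.

```python
from __future__ import annotations

import os
import re
from urllib.parse import urlparse

# Assumption: a hosted deployment server only ever needs HTTPS and SSH remotes.
# http://, git:// and file:// are deliberately absent.
ALLOWED_SCHEMES = {"https", "ssh"}

# scp-like syntax ([user@]host:path), which git treats as SSH. Host must be at
# least two characters so that a Windows drive letter can never match.
_SCP_LIKE = re.compile(r"^(?:[A-Za-z0-9._-]+@)?(?P<host>[A-Za-z0-9.-]{2,}):(?!//).+$")


def classify_git_url(url: str) -> tuple[str, str]:
    """Return ('allow', transport) or ('reject', reason) for a user-supplied Git remote.

    The order of checks matters: anything that would make git (or the OS under it)
    open a local or SMB path is refused before the URL parser is consulted.
    """
    s = url.strip()
    if not s:
        return ("reject", "empty")
    # UNC path: \\host\share or //host/share. On Windows git hands this to the
    # OS, which connects to 'host' over SMB and authenticates as the service
    # account with NTLM. This is the assumed trigger for the relay described above.
    if s.startswith(("\\\\", "//")):
        return ("reject", "unc-path")
    # Drive-letter (C:\ or C:/) and POSIX local paths: git would read the host's filesystem.
    if re.match(r"^[A-Za-z]:[\\/]", s) or s.startswith(("/", ".", "~")):
        return ("reject", "local-path")
    # A backslash never belongs in a legitimate remote URL; it usually means a
    # UNC path smuggled behind a scheme (https://host\share).
    if "\\" in s:
        return ("reject", "backslash")
    # git remote-helper syntax (ext::, fd::, ...): ext:: runs an arbitrary command.
    if re.match(r"^[A-Za-z0-9+.-]+::", s):
        return ("reject", "remote-helper")
    if "://" in s:
        p = urlparse(s)
        scheme = p.scheme.lower()
        if scheme not in ALLOWED_SCHEMES:
            return ("reject", f"scheme:{scheme or 'none'}")
        if not p.hostname:
            return ("reject", "no-host")
        # A username (git@) is normal for SSH URLs; an inline password is not.
        if p.password:
            return ("reject", "embedded-credentials")
        return ("allow", scheme)
    if _SCP_LIKE.match(s):
        return ("allow", "ssh")
    return ("reject", "unrecognised")


def build_connectivity_check(url: str) -> tuple[list[str], dict[str, str]]:
    """argv and environment for a non-interactive `git ls-remote` against a vetted URL.

    Returned rather than executed so the policy can be unit-tested offline; the
    caller passes both to subprocess.run(). GIT_ALLOW_PROTOCOL and
    protocol.file.allow=never make git itself refuse file/UNC transports even if
    the validator above is bypassed.
    """
    verdict, detail = classify_git_url(url)
    if verdict != "allow":
        raise ValueError(f"refusing git connectivity test for {url!r}: {detail}")
    argv = [
        "git", "-c", "protocol.file.allow=never",
        "ls-remote", "--exit-code", "--", url.strip(),
    ]
    env = {**os.environ, "GIT_TERMINAL_PROMPT": "0", "GIT_ALLOW_PROTOCOL": "https:ssh"}
    return argv, env


if __name__ == "__main__":
    # Constructed sample inputs: the attacker-controlled forms first, then legitimate remotes.
    for sample in [
        r"\\attacker.example\share\repo.git",
        "//attacker.example/share/repo.git",
        "file://attacker.example/share/repo.git",
        "https://attacker.example\\share\\repo.git",
        "ext::sh -c id",
        "https://github.com/octopus/repo.git",
        "git@github.com:octopus/repo.git",
    ]:
        print(f"{sample!r:55} -> {classify_git_url(sample)}")
```

Input validation alone does not close the relay: the server will still speak NTLM to anything it is allowed to reach, so pair it with an egress rule blocking TCP 445 from the Octopus Server host, SMB signing and Extended Protection for Authentication on the targets that would receive a relayed session, and, where possible, no NTLM at all for the service account.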
Affected
9 ranges (the six octopus_deploy rows are the same three ranges as the octopus rows, each split at its unspecified bound)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | octopus_server | >= 2021.2.994 < 2022.1.3180 | 2022.1.3180 |
| octopus | octopus_server | >= 2022.2.6729 < 2022.2.7965 | 2022.2.7965 |
| octopus | octopus_server | >= 2022.3.348 < 2022.3.10586 | 2022.3.10586 |
| octopus_deploy | octopus_server | >= 2021.2.994 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.2.6729 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.3.348 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2022.1.3180 | 2022.1.3180 |
| octopus_deploy | octopus_server | >= unspecified < 2022.2.7965 | 2022.2.7965 |
| octopus_deploy | octopus_server | >= unspecified < 2022.3.10586 | 2022.3.10586 |
GHSA
GHSA-c5hv-rh39-2jjj (ghsa_unreviewed · 2022-10-14): CVE-2022-2780 [HIGH] CWE-294
In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack.
GHSA
Cross-site Scripting vulnerability in Jenkins (ghsa · 2022-06-24)
CVE-2022-34173 [HIGH] Cross-site Scripting vulnerability in Jenkins (the feed labels it CWE-22, which is path traversal; the weakness described is cross-site scripting, CWE-79)
This Jenkins advisory is unrelated to Octopus Server and to CVE-2022-2780; it is presumably linked here only because its text cites the Jenkins tracker ID SECURITY-2780.
Since Jenkins 2.340, the tooltip of the build button in list views supports HTML without escaping the job display name.
This vulnerability is known to be exploitable by attackers with Job/Configure permission.
Jenkins 2.356 addresses this vulnerability. The tooltip of the build button in list views is now escaped.
No Jenkins LTS release is affected by SECURITY-2776 or SECURITY-2780, as these were not present in Jenkins 2.332.x and were fixed in the 2.346.x line before 2.346.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.