CVE-2022-3460
Published 2023-01-03
CVE-2022-3460: In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
Priority: P3 · 39 · high
CVSS 3.1: 7.5, vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.56% (42.3th percentile)
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | octopus_server | >= 2018.1.0 < 2022.3.10750 | 2022.3.10750 |
| octopus | octopus_server | >= 2022.4 < 2022.4.8063 | 2022.4.8063 |
| octopus_deploy | octopus_server | >= 2018.3.1 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.1.2121 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.2.7897 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.3.348 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.4.791 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2021.3.13150 | 2021.3.13150 |
| octopus_deploy | octopus_server | >= unspecified < 2022.1.3281 | 2022.1.3281 |
| octopus_deploy | octopus_server | >= unspecified < 2022.2.8552 | 2022.2.8552 |
| octopus_deploy | octopus_server | >= unspecified < 2022.3.10750 | 2022.3.10750 |
| octopus_deploy | octopus_server | >= unspecified < 2022.4.8221 | 2022.4.8221 |
CVSS provenance
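| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| vendor_redhat | | 7.8 | HIGH | |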
GHSA
GHSA-7f63-rxj5-2547 · ghsa_unreviewed · 2023-01-03
CVE-2022-3460 [HIGH] CWE-200
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
Red Hat
CVE-2022-49170 [HIGH] kernel: f2fs: fix to do sanity check on curseg->alloc_type
vendor_redhat · 2025-02-26 · CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on curseg->alloc_type
As Wenqing Liu reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215657
- Overview
UBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2 when mount and operate a corrupted image
- Reproduce
tested on kernel 5.17-rc4, 5.17-rc6
1. mkdir test_crash
2. cd test_crash
3. unzip tmp2.zip
4. mkdir mnt
5. ./single_test.sh f2fs 2
- Kernel dump
[ 46.434454] loop0: detected capacity change from 0 to 131072
[ 46.529839] F2FS-fs (loop0): Mounted with checkpoint version = 7548c2d9
[ 46.738319] ================================================================================
[ 46.738412] UBSAN: array-index-ou
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-01-03