CVE-2022-3614
published 2023-01-03

CVE-2022-3614: In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be…

Priority: P4 · 32 · medium
CVSS 3.1: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EPSS: 0.39% (30.9th percentile)

In affected versions of Octopus Deploy, users of certain browsers using AD to sign in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect URL without any validation.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | octopus_server | >= 2022.4 < 2022.4.8063 | 2022.4.8063 |
| octopus | octopus_server | >= 3.5 < 2022.3.10750 | 2022.3.10750 |
| octopus_deploy | octopus_server | >= 2022.3.348 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.4.791 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 3.5.1 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2022.2.8552 | 2022.2.8552 |
| octopus_deploy | octopus_server | >= unspecified < 2022.3.10750 | 2022.3.10750 |
| octopus_deploy | octopus_server | >= unspecified < 2022.4.8063 | 2022.4.8063 |