cbcvebase.
CVE-2022-4009
published 2023-03-16

CVE-2022-4009: In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation

PriorityP349high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.72%
49.3th percentile
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation

Affected

10 ranges
VendorProductVersion rangeFixed in
octopusoctopus_server>= 2022.3.348 < 2022.3.107502022.3.10750
octopusoctopus_server>= 2022.4.791 < 2022.4.83192022.4.8319
octopusoctopus_server>= 3.0.19 < 2022.2.85522022.2.8552
octopus_deployoctopus_server>= 2022.3.348 < unspecifiedunspecified
octopus_deployoctopus_server>= 2022.4.791 < unspecifiedunspecified
octopus_deployoctopus_server>= 3.0.19 < unspecifiedunspecified
octopus_deployoctopus_server>= unspecified < 2022.2.85522022.2.8552
octopus_deployoctopus_server>= unspecified < 2022.3.107502022.3.10750
octopus_deployoctopus_server>= unspecified < 2022.4.83192022.4.8319
octopus_deployoctopus_server>= unspecified < 2023.1.41892023.1.4189
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.