CVE-2022-23184
Published Feb 7, 2022
Last updated 2 years ago
Overview
- Description
- In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.
- Source
- security@octopus.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-601
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "750C3795-AEA2-4162-8C0B-F7BEA45D8BF7",
"versionEndIncluding": "4.1.10",
"versionStartIncluding": "0.9"
},
{
"criteria": "cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D338D9E8-CFFD-4B1E-974B-F7FADF2705EA",
"versionEndIncluding": "2020.1.1",
"versionStartIncluding": "2018.1.0"
},
{
"criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC9F4E9F-9E8A-42A2-8F7C-5AAB1B264DE5",
"versionEndExcluding": "2021.2.8011",
"versionStartIncluding": "2021.2.0"
},
{
"criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1AFC8145-9420-45A6-A357-5C8A36B9462F",
"versionEndExcluding": "2021.3.11057",
"versionStartIncluding": "2021.3.0"
}
],
"operator": "OR"
}
]
}
]