CVE-2022-2781 Information
Oct 08, 2022
cve
Description
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Reference
https://advisories.octopus.com/post/2022/sa2022-16/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
NONE
Base Score
NONE
Base Severity
5.3
Share on: