// For flags

CVE-2022-2049

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.

En versiones afectadas de Octopus Deploy es posible llevar a cabo una DenegaciĆ³n de Servicio Regex por medio de la funciĆ³n package upload.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-06-10 CVE Reserved
  • 2022-08-19 CVE Published
  • 2024-03-11 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 0.9 <= 0.9.620.4
Search vendor "Octopus" for product "Octopus Server" and version " >= 0.9 <= 0.9.620.4"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 0.9 <= 0.9.620.4
Search vendor "Octopus" for product "Octopus Server" and version " >= 0.9 <= 0.9.620.4"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 1.0 <= 1.6.3.1723
Search vendor "Octopus" for product "Octopus Server" and version " >= 1.0 <= 1.6.3.1723"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 1.0 <= 1.6.3.1723
Search vendor "Octopus" for product "Octopus Server" and version " >= 1.0 <= 1.6.3.1723"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2.0 <= 2.6.5
Search vendor "Octopus" for product "Octopus Server" and version " >= 2.0 <= 2.6.5"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2.0 <= 2.6.5
Search vendor "Octopus" for product "Octopus Server" and version " >= 2.0 <= 2.6.5"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 3.0.0 <= 3.17.14
Search vendor "Octopus" for product "Octopus Server" and version " >= 3.0.0 <= 3.17.14"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 3.0.0 <= 3.17.14
Search vendor "Octopus" for product "Octopus Server" and version " >= 3.0.0 <= 3.17.14"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 4.0.4 <= 4.1.10
Search vendor "Octopus" for product "Octopus Server" and version " >= 4.0.4 <= 4.1.10"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 4.0.4 <= 4.1.10
Search vendor "Octopus" for product "Octopus Server" and version " >= 4.0.4 <= 4.1.10"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2018.1.0 <= 2018.12.1
Search vendor "Octopus" for product "Octopus Server" and version " >= 2018.1.0 <= 2018.12.1"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2018.1.0 <= 2018.12.1
Search vendor "Octopus" for product "Octopus Server" and version " >= 2018.1.0 <= 2018.12.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2019.1.0 <= 2019.13.7
Search vendor "Octopus" for product "Octopus Server" and version " >= 2019.1.0 <= 2019.13.7"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2019.1.0 <= 2019.13.7
Search vendor "Octopus" for product "Octopus Server" and version " >= 2019.1.0 <= 2019.13.7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2020.1.0 <= 2020.6.5449
Search vendor "Octopus" for product "Octopus Server" and version " >= 2020.1.0 <= 2020.6.5449"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2020.1.0 <= 2020.6.5449
Search vendor "Octopus" for product "Octopus Server" and version " >= 2020.1.0 <= 2020.6.5449"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2021.1.6959 <= 2021.3.13021
Search vendor "Octopus" for product "Octopus Server" and version " >= 2021.1.6959 <= 2021.3.13021"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2021.1.6959 <= 2021.3.13021
Search vendor "Octopus" for product "Octopus Server" and version " >= 2021.1.6959 <= 2021.3.13021"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2022.1.0 < 2022.1.2894
Search vendor "Octopus" for product "Octopus Server" and version " >= 2022.1.0 < 2022.1.2894"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2022.1.0 < 2022.1.2894
Search vendor "Octopus" for product "Octopus Server" and version " >= 2022.1.0 < 2022.1.2894"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2022.2.6729 < 2022.2.6872
Search vendor "Octopus" for product "Octopus Server" and version " >= 2022.2.6729 < 2022.2.6872"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2022.2.6729 < 2022.2.6872
Search vendor "Octopus" for product "Octopus Server" and version " >= 2022.2.6729 < 2022.2.6872"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2022.3.348 < 2022.3.4953
Search vendor "Octopus" for product "Octopus Server" and version " >= 2022.3.348 < 2022.3.4953"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2022.3.348 < 2022.3.4953
Search vendor "Octopus" for product "Octopus Server" and version " >= 2022.3.348 < 2022.3.4953"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe