// For flags

CVE-2022-2782

 

Severity Score

9.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.

En las versiones afectadas de Octopus Server, es posible que un token de sesión sea válido indefinidamente debido a una validación incorrecta de los parámetros del token de sesión.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-08-11 CVE Reserved
  • 2022-10-26 CVE Published
  • 2024-05-18 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-613: Insufficient Session Expiration
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
< 2022.2.8351
Search vendor "Octopus" for product "Octopus Server" and version " < 2022.2.8351"
-
Affected
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2022.3.0 < 2022.3.10586
Search vendor "Octopus" for product "Octopus Server" and version " >= 2022.3.0 < 2022.3.10586"
-
Affected
Octopus
Search vendor "Octopus"
Octopus Server
Search vendor "Octopus" for product "Octopus Server"
>= 2022.4.0 < 2022.4.2898
Search vendor "Octopus" for product "Octopus Server" and version " >= 2022.4.0 < 2022.4.2898"
-
Affected