5.3
CVE-2022-2781
- EPSS 0.06%
- Veröffentlicht 06.10.2022 18:15:58
- Zuletzt bearbeitet 21.11.2024 07:01:41
- Quelle security@octopus.com
- CVE-Watchlists
- Unerledigt
LoginIn affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Octopus ≫ Octopus Server Version >= 3.2.10 < 2022.1.3154
Octopus ≫ Octopus Server Version >= 2022.2.6729 < 2022.2.7897
Octopus ≫ Octopus Server Version >= 2022.3.348 < 2022.3.10586
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.188 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.