2.6
CVE-2024-7998
- EPSS 0.23%
- Veröffentlicht 21.08.2024 06:15:13
- Zuletzt bearbeitet 02.07.2025 17:26:30
- Quelle security@octopus.com
- CVE-Watchlists
- Unerledigt
In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Octopus ≫ Octopus Server Version >= 2022.4.8332 < 2024.1.12931
Octopus ≫ Octopus Server Version >= 2024.2.101 < 2024.2.9313
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.14 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@octopus.com | 2.6 | 1 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
https://advisories.octopus.com/post/2024/sa2024-07/