First published: Mon Feb 07 2022
In affected Octopus Server versions, when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server allows open redirects.
Credit: security@octopus.com
Affected Software | Affected Version | How to fix
---|---|---
Octopus Octopus Deploy | >=0.9, <=4.1.10 | Upgrade to an unaffected version
Octopus Octopus Deploy | >=2018.1.0, <=2020.1.1 | Upgrade to an unaffected version
Octopus Octopus Server | >=2021.2.0, <2021.2.8011 | Upgrade to an unaffected version
Octopus Octopus Server | >=2021.3.0, <2021.3.11057 | Upgrade to an unaffected version
The vulnerability ID for this vulnerability is CVE-2022-23184.
The severity of CVE-2022-23184 is medium with a CVSS score of 6.1.
The affected software versions are Octopus Server versions from 0.9 to 4.1.10 inclusive, Octopus Server versions from 2018.1.0 to 2020.1.1 inclusive, Octopus Server versions from 2021.2.0 up to but not including 2021.2.8011, and Octopus Server versions from 2021.3.0 up to but not including 2021.3.11057.
To fix CVE-2022-23184, upgrade Octopus Server to a version that is not affected, as recommended by the vendor.