CVE-2022-2780
First published: Fri Oct 14 2022(Updated: )
In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack.
Credit: security@octopus.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Octopus Deploy | >=2021.2.994<2022.1.3180 | |
| Octopus Deploy | >=2022.2.6729<2022.2.7965 | |
| Octopus Deploy | >=2022.3.348<2022.3.10586 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-2780?
CVE-2022-2780 is classified as a high severity vulnerability due to its potential for NTLM relay attacks.
How do I fix CVE-2022-2780?
To fix CVE-2022-2780, upgrade to a version of Octopus Server that is not affected by this vulnerability.
Which versions of Octopus Server are affected by CVE-2022-2780?
CVE-2022-2780 affects Octopus Server versions between 2021.2.994 to 2022.1.3180, 2022.2.6729 to 2022.2.7965, and 2022.3.348 to 2022.3.10586.
What types of attacks can CVE-2022-2780 facilitate?
CVE-2022-2780 can facilitate NTLM relay attacks through improper handling of SMB requests.
Is there a workaround for CVE-2022-2780?
There are no known effective workarounds for CVE-2022-2780; upgrading is the recommended solution.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/octopus
- canonical/octopus deploy
- version/octopus deploy/2021.2.994
- version/octopus deploy/2022.2.6729
- version/octopus deploy/2022.3.348