NTLM Relay Attack Vulnerability in Octopus Server by Octopus Deploy
CVE-2022-2780

8.1HIGH

Key Information:

Vendor: Octopus Deploy
Status: Octopus Server
Vendor: CVE Published:; 14 October 2022

🔔 Create Octopus Deploy Vulnerability Alert

What is CVE-2022-2780?

In certain versions of Octopus Server, the Git Connectivity test function within the VCS project can be manipulated to execute an SMB request. This opens up the potential for an NTLM relay attack, which could compromise system integrity and expose sensitive information. Users are advised to review their configurations and apply the necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Octopus Server 2021.2.994

Octopus Server < 2022.1.3180

Octopus Server 2022.2.6729

References

https://advisories.octopus.com/post/2022/sa2022-20/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2022
Vulnerability Reserved
Aug 11, 2022