Denial of Service Vulnerability in Octopus Deploy by Octopus Deploy
CVE-2022-2883

7.5HIGH

Key Information:

Vendor: Octopus Deploy
Status: Octopus Server
Vendor: CVE Published:; 22 February 2023

🔔 Create Octopus Deploy Vulnerability Alert

What is CVE-2022-2883?

In specific versions of Octopus Deploy, a vulnerability allows attackers to upload a zipbomb file as a task. This capability can lead to a denial of service, overwhelming system resources and resulting in an inability to service legitimate requests. Organizations using affected versions of Octopus Deploy should review potential exposure and take steps to mitigate risks associated with this vulnerability.

Affected Version(s)

Octopus Server 0.9

Octopus Server < 2022.3.11043

Octopus Server 2022.4.791

References

https://advisories.octopus.com/post/2023/sa2023-02/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2023
Vulnerability Reserved
Aug 17, 2022