CVE-2022-23184
Description
In affected Octopus Server versions, when the server's HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.185
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2022-23184 affects Octopus Server 2021.2.8001 | Windows |
| CVE-2022-23184 affects Octopus Server 2021.2.8010 | Windows |
| CVE-2022-23184 affects Octopus Server 2021.3.11056 | Windows |
| CVE-2022-23184 affects Octopus Server 2021.3.8275 | Windows |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234