Critical Vulnerability: Encryption Weakness in Octopus Server Exposes Session Cookies and Variables

Critical Vulnerability: Encryption Weakness in Octopus Server Exposes Session Cookies and Variables

CVE-2022-2781 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.

Learn more about our Cis Benchmark Audit For Server Software.