CVE-2022-2075

Name: CVE-2022-2075
Creator: NVD / NIST
Published: 2022-08-19T09:15:08.37+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.66%

Last modified Jun 17, 2026

CVE-2022-2075 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.. EPSS estimates a 0.66% chance of exploitation in the next 30 days.

Description

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.66%

46.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Octopus	Octopus Server	>= 0.9, <= 0.9.620.4
Octopus	Octopus Server	>= 1.0, <= 1.6.3.1723
Octopus	Octopus Server	>= 2.0, <= 2.6.5
Octopus	Octopus Server	>= 3.0.0, <= 3.17.14
Octopus	Octopus Server	>= 4.0.4, <= 4.1.10
Octopus	Octopus Server	>= 2018.1.0, <= 2018.12.1
Octopus	Octopus Server	>= 2019.1.0, <= 2019.13.7
Octopus	Octopus Server	>= 2020.1.0, <= 2020.6.5449
Octopus	Octopus Server	>= 2021.1.6959, <= 2021.3.13021
Octopus	Octopus Server	>= 2022.1.0, < 2022.1.2894
Octopus	Octopus Server	>= 2022.2.6729, < 2022.2.6872
Octopus	Octopus Server	>= 2022.3.348, < 2022.3.4953

References

https://advisories.octopus.com/post/2022/sa2022-12/Mitigation, Patch, Vendor Advisory
https://advisories.octopus.com/post/2022/sa2022-12/Mitigation, Patch, Vendor Advisory

Timeline

Published: Aug 19, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-2075?

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.

How severe is CVE-2022-2075?

CVE-2022-2075 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.66% probability of exploitation in the next 30 days.

How do I fix CVE-2022-2075?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-2075?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST