CVE-2024-7998 LOW

CVE-2024-7998

Vendor Octopus Deploy
Product Octopus Server
Published August 21, 2024
Last update December 3, 2024

CVSS base score

2.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan.

Key dates

02Disclosure timeline

August 21, 2024 CVE published
December 3, 2024 Record updated