CVE-2025-0588

MEDIUM CVSS 4.0: 5.9 EPSS 0.38%
Updated Jul 02, 2025
Linux

Parameter          Value
CVSS               5.9 (MEDIUM)
Affected Versions  2020.1.0 — 2024.4.7091
Fixed In           2024.3.13097
Type               CWE-113
Vendor             Linux
Public PoC         No

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specially crafted referrer header, the user could ensure that all subsequent server responses returned 500 errors, rendering the site mostly unusable. The user could then set and unset the referrer header to toggle the denial-of-service state using a valid CSRF token, while new CSRF tokens could not be generated.

Attack Parameters

Attack Vector        Network  (can be exploited remotely)
Attack Complexity    High     (difficult to exploit)
Attack Requirements  None     (no additional conditions)
Privileges Required  High     (admin privileges needed)
User Interaction     None     (no user interaction needed)

Impact Assessment

Confidentiality  None  (no data leak)
Integrity        None  (no data modification)
Availability     High  (complete denial of service)

CVSS Vector v4.0

Weakness Type (CWE)

Vulnerable Products (4)

Configuration                                        From (including)  Up to (excluding)
Octopus Octopus_Server
  cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*   2020.1.0          2024.3.13097
Octopus Octopus_Server
  cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*   2024.4.401        2024.4.7091
Linux Linux_Kernel
  cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Windows
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*