Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-2780", "assignerOrgId": "6f4f8c89-ef06-4bae-a2a5-6734ddf76272", "assignerShortName": "Octopus", "dateUpdated": "2025-05-15T15:09:13.386Z", "dateReserved": "2022-08-11T00:00:00.000Z", "datePublished": "2022-10-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6f4f8c89-ef06-4bae-a2a5-6734ddf76272", "shortName": "Octopus", "dateUpdated": "2022-10-14T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack."}], "affected": [{"vendor": "Octopus Deploy", "product": "Octopus Server", "versions": [{"version": "2021.2.994", "status": "affected", "lessThan": "unspecified", "versionType": "custom"}, {"version": "unspecified", "lessThan": "2022.1.3180", "status": "affected", "versionType": "custom"}, {"version": "2022.2.6729", "status": "affected", "lessThan": "unspecified", "versionType": "custom"}, {"version": "unspecified", "lessThan": "2022.2.7965", "status": "affected", "versionType": "custom"}, {"version": "2022.3.348", "status": "affected", "lessThan": "unspecified", "versionType": "custom"}, {"version": "unspecified", "lessThan": "2022.3.10586", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://advisories.octopus.com/post/2022/sa2022-20/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Authentication Bypass by Capture-Replay"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:04.527Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisories.octopus.com/post/2022/sa2022-20/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-294", "lang": "en", "description": "CWE-294 Authentication Bypass by Capture-replay"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-15T15:08:43.967065Z", "id": "CVE-2022-2780", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-15T15:09:13.386Z"}}]}}