CVE Vulnerabilities

CVE-2024-7998

Insufficient Session Expiration

Published: Aug 21, 2024 | Modified: Jul 02, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name Vendor Start Version End Version
Octopus_server Octopus 2022.4.8332 (including) 2024.1.12931 (excluding)
Octopus_server Octopus 2024.2.101 (including) 2024.2.9313 (excluding)

Potential Mitigations

References