CVE-2024-7998

CVSS 3.1 Score 2.6 of 10 (low)

Details

Published Aug 21, 2024

Summary

CVE-2024-7998 is a vulnerability in Octopus Server: affected versions improperly manage OIDC cookie expiration times, potentially allowing the cookies to use their maximum lifespan. The issue is rated low severity with a base score of 2.6; exploitation is over the network and requires high privileges and user interaction. The confidentiality risk is low, but the improper cookie management could lead to unauthorized access if exploited. Organizations using the impacted product, MDL7DB, are advised to apply the recommended patches or updates outlined in the advisory to mitigate the risk. Given the high attack complexity associated with this vulnerability, successful exploitation may require sophisticated techniques.
