Description
An attacker can freely brute-force usernames and passwords and can take over any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.
References (2)
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d
Patch, Third Party Advisory x_refsource_misc
https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de
Scores
CVSS v3
7.5
EPSS
0.0028
EPSS Percentile
51.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-307
Status
published
Products (2)
octoprint/octoprint
< 1.9.0
pypi/OctoPrint
0PyPI
Published
Aug 15, 2022
Tracked Since
Feb 18, 2026