Description
If an attacker obtains a victim's OctoPrint session cookie by any means, the attacker can use that cookie to authenticate for as long as the victim's account exists.
References (2)
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629
Patch, Third Party Advisory x_refsource_misc
https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
Scores
CVSS v3: 4.4
EPSS: 0.0005
EPSS Percentile: 14.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-613
Status: published
Products (2)
octoprint/octoprint: < 1.8.3
pypi/OctoPrint: 0 - 1.8.3 (PyPI)
Published: Sep 21, 2022
Tracked Since: Feb 18, 2026