CVE-2022-2888

Опубликовано: 21 сент. 2022

Источник: nvd

CVSS3: 4.4

EPSS Низкий

Описание

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.

Ссылки

https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
Patch
Third Party Advisory
https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629
Exploit
Patch
Third Party Advisory
https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
Patch
Third Party Advisory
https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:octoprint:octoprint:*:*:*:*:*:*:*:*

Версия до 1.8.3 (исключая)

EPSS

Процентиль: 14%

0.00047

Низкий

4.4 Medium

CVSS3

4.4 Medium

CVSS3

Дефекты

CWE-613

Связанные уязвимости

CVE-2022-2888

CVSS3: 4.4

debian

больше 3 лет назад

If an attacker comes into the possession of a victim's OctoPrint sessi ...

GHSA-937f-qh3w-6g87

CVSS3: 4.4

github

больше 3 лет назад

OctoPrint vulnerable to Insufficient Session Expiration.

EPSS

Процентиль: 14%

0.00047

Низкий

4.4 Medium

CVSS3

4.4 Medium

CVSS3

Дефекты

CWE-613