CVE-2024-23637

Опубликовано: 31 янв. 2024

Источник: nvd

CVSS3: 4.2

CVSS3: 4.9

EPSS Низкий

Описание

OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0.

Ссылки

https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125
Patch
https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1
Release Notes
https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr
Third Party Advisory
https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125
Patch
https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1
Release Notes
https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:octoprint:octoprint:*:*:*:*:*:*:*:*

Версия до 1.9.3 (включая)

EPSS

Процентиль: 6%

0.00025

Низкий

4.2 Medium

CVSS3

4.9 Medium

CVSS3

Дефекты

CWE-287

Связанные уязвимости

CVE-2024-23637

CVSS3: 4.2

debian

около 2 лет назад

OctoPrint is a web interface for 3D printer.s OctoPrint versions up un ...

GHSA-5626-pw9c-hmjr

CVSS3: 4.2

github

около 2 лет назад

OctoPrint Unverified Password Change via Access Control Settings

EPSS

Процентиль: 6%

0.00025

Низкий

4.2 Medium

CVSS3

4.9 Medium

CVSS3

Дефекты

CWE-287