OctoPrint vulnerable to Insufficient Session Expiration.

GHSA-937f-qh3w-6g87 · CVE-2022-2888 · PYSEC-2022-282

Published Sep 22, 2022 · Modified Oct 8, 2024

Description

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists. This issue is fixed in version 1.8.3.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-2888
WEB https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
PACKAGE https://github.com/octoprint/octoprint
WEB https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml
WEB https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes