Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for octoprint/octoprint by octoprint

    CVE-2022-3607 (GCVE-0-2022-3607)

    Vulnerability from nvd – Published: 2022-10-19 00:00 – Updated: 2025-05-09 14:47
    VLAI
    Title
    Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in octoprint/octoprint
    Summary
    Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
    Assigner
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:03.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3607",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-09T14:47:28.251571Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-09T14:47:37.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-75",
                  "description": "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-19T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11"
            },
            {
              "url": "https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e"
            }
          ],
          "source": {
            "advisory": "2d1db3c9-93e8-4902-a55b-5ea53c22aa11",
            "discovery": "EXTERNAL"
          },
          "title": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in octoprint/octoprint"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3607",
        "datePublished": "2022-10-19T00:00:00.000Z",
        "dateReserved": "2022-10-19T00:00:00.000Z",
        "dateUpdated": "2025-05-09T14:47:37.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3068 (GCVE-0-2022-3068)

    Vulnerability from nvd – Published: 2022-09-21 11:55 – Updated: 2025-05-28 15:21
    VLAI
    Title
    Improper Privilege Management in octoprint/octoprint
    Summary
    Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.462Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3068",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-28T15:21:49.059418Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-28T15:21:53.799Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-21T11:55:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571"
            }
          ],
          "source": {
            "advisory": "f45c24cb-9104-4c6e-a9e1-5c7e75e83884",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Privilege Management in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-3068",
              "STATE": "PUBLIC",
              "TITLE": "Improper Privilege Management in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.8.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571"
                }
              ]
            },
            "source": {
              "advisory": "f45c24cb-9104-4c6e-a9e1-5c7e75e83884",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3068",
        "datePublished": "2022-09-21T11:55:09.000Z",
        "dateReserved": "2022-08-31T00:00:00.000Z",
        "dateUpdated": "2025-05-28T15:21:53.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2888 (GCVE-0-2022-2888)

    Vulnerability from nvd – Published: 2022-09-21 11:25 – Updated: 2025-05-28 15:22
    VLAI
    Title
    Insufficient Session Expiration in octoprint/octoprint
    Summary
    If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.606Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2888",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-28T15:22:05.235332Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-28T15:22:09.888Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "If an attacker comes into the possession of a victim\u0027s OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim\u0027s account exists."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-21T11:25:08.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"
            }
          ],
          "source": {
            "advisory": "d27d232b-2578-4b32-b3b4-74aabdadf629",
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient Session Expiration in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2888",
              "STATE": "PUBLIC",
              "TITLE": "Insufficient Session Expiration in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.8.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "If an attacker comes into the possession of a victim\u0027s OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim\u0027s account exists."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-613 Insufficient Session Expiration"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"
                }
              ]
            },
            "source": {
              "advisory": "d27d232b-2578-4b32-b3b4-74aabdadf629",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2888",
        "datePublished": "2022-09-21T11:25:08.000Z",
        "dateReserved": "2022-08-18T00:00:00.000Z",
        "dateUpdated": "2025-05-28T15:22:09.888Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2872 (GCVE-0-2022-2872)

    Vulnerability from nvd – Published: 2022-09-21 09:55 – Updated: 2025-05-28 15:26
    VLAI
    Title
    Unrestricted Upload of File with Dangerous Type in octoprint/octoprint
    Summary
    Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:58.717Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2872",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-28T15:26:52.799700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-28T15:26:59.092Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-21T09:55:08.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0"
            }
          ],
          "source": {
            "advisory": "b966c74d-6f3f-49fe-b40a-eaf25e362c56",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted Upload of File with Dangerous Type in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2872",
              "STATE": "PUBLIC",
              "TITLE": "Unrestricted Upload of File with Dangerous Type in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.8.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0"
                }
              ]
            },
            "source": {
              "advisory": "b966c74d-6f3f-49fe-b40a-eaf25e362c56",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2872",
        "datePublished": "2022-09-21T09:55:08.000Z",
        "dateReserved": "2022-08-17T00:00:00.000Z",
        "dateUpdated": "2025-05-28T15:26:59.092Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2930 (GCVE-0-2022-2930)

    Vulnerability from nvd – Published: 2022-08-22 11:35 – Updated: 2024-08-03 00:53
    VLAI
    Title
    Unverified Password Change in octoprint/octoprint
    Summary
    Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.
    CWE
    • CWE-620 - Unverified Password Change
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:53:00.455Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-620",
                  "description": "CWE-620 Unverified Password Change",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-22T11:35:11.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"
            }
          ],
          "source": {
            "advisory": "da6745e4-7bcc-4e9a-9e96-0709ec9f2477",
            "discovery": "EXTERNAL"
          },
          "title": "Unverified Password Change in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2930",
              "STATE": "PUBLIC",
              "TITLE": "Unverified Password Change in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.8.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-620 Unverified Password Change"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"
                }
              ]
            },
            "source": {
              "advisory": "da6745e4-7bcc-4e9a-9e96-0709ec9f2477",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2930",
        "datePublished": "2022-08-22T11:35:11.000Z",
        "dateReserved": "2022-08-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:53:00.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2822 (GCVE-0-2022-2822)

    Vulnerability from nvd – Published: 2022-08-15 10:30 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Authentication Bypass by Primary Weakness in octoprint/octoprint
    Summary
    An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.9.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:58.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-15T10:40:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de"
            }
          ],
          "source": {
            "advisory": "6369f355-e6ef-4469-af75-0f6ff00cde3d",
            "discovery": "EXTERNAL"
          },
          "title": "Authentication Bypass by Primary Weakness in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2822",
              "STATE": "PUBLIC",
              "TITLE": "Authentication Bypass by Primary Weakness in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-307 Improper Restriction of Excessive Authentication Attempts"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de"
                }
              ]
            },
            "source": {
              "advisory": "6369f355-e6ef-4469-af75-0f6ff00cde3d",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2822",
        "datePublished": "2022-08-15T10:30:17.000Z",
        "dateReserved": "2022-08-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:58.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1432 (GCVE-0-2022-1432)

    Vulnerability from nvd – Published: 2022-05-18 10:10 – Updated: 2024-08-03 00:03
    VLAI
    Title
    Cross-site Scripting (XSS) - Generic in octoprint/octoprint
    Summary
    Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.351Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T10:10:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3"
            }
          ],
          "source": {
            "advisory": "cb545c63-a3c1-4d57-8f06-e4593ab389bf",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Generic in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1432",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Generic in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3"
                }
              ]
            },
            "source": {
              "advisory": "cb545c63-a3c1-4d57-8f06-e4593ab389bf",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1432",
        "datePublished": "2022-05-18T10:10:10.000Z",
        "dateReserved": "2022-04-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:03:06.351Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1430 (GCVE-0-2022-1430)

    Vulnerability from nvd – Published: 2022-05-18 10:00 – Updated: 2024-08-03 00:03
    VLAI
    Title
    Cross-site Scripting (XSS) - DOM in octoprint/octoprint
    Summary
    Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.267Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T10:00:14.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045"
            }
          ],
          "source": {
            "advisory": "0cd30d71-1e32-4a0b-b4c3-faaa1907b541",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - DOM in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1430",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - DOM in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045"
                }
              ]
            },
            "source": {
              "advisory": "0cd30d71-1e32-4a0b-b4c3-faaa1907b541",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1430",
        "datePublished": "2022-05-18T10:00:14.000Z",
        "dateReserved": "2022-04-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:03:06.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3607 (GCVE-0-2022-3607)

    Vulnerability from cvelistv5 – Published: 2022-10-19 00:00 – Updated: 2025-05-09 14:47
    VLAI
    Title
    Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in octoprint/octoprint
    Summary
    Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
    Assigner
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:03.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3607",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-09T14:47:28.251571Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-09T14:47:37.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-75",
                  "description": "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-19T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11"
            },
            {
              "url": "https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e"
            }
          ],
          "source": {
            "advisory": "2d1db3c9-93e8-4902-a55b-5ea53c22aa11",
            "discovery": "EXTERNAL"
          },
          "title": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in octoprint/octoprint"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3607",
        "datePublished": "2022-10-19T00:00:00.000Z",
        "dateReserved": "2022-10-19T00:00:00.000Z",
        "dateUpdated": "2025-05-09T14:47:37.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3068 (GCVE-0-2022-3068)

    Vulnerability from cvelistv5 – Published: 2022-09-21 11:55 – Updated: 2025-05-28 15:21
    VLAI
    Title
    Improper Privilege Management in octoprint/octoprint
    Summary
    Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.462Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3068",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-28T15:21:49.059418Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-28T15:21:53.799Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-21T11:55:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571"
            }
          ],
          "source": {
            "advisory": "f45c24cb-9104-4c6e-a9e1-5c7e75e83884",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Privilege Management in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-3068",
              "STATE": "PUBLIC",
              "TITLE": "Improper Privilege Management in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.8.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571"
                }
              ]
            },
            "source": {
              "advisory": "f45c24cb-9104-4c6e-a9e1-5c7e75e83884",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3068",
        "datePublished": "2022-09-21T11:55:09.000Z",
        "dateReserved": "2022-08-31T00:00:00.000Z",
        "dateUpdated": "2025-05-28T15:21:53.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2888 (GCVE-0-2022-2888)

    Vulnerability from cvelistv5 – Published: 2022-09-21 11:25 – Updated: 2025-05-28 15:22
    VLAI
    Title
    Insufficient Session Expiration in octoprint/octoprint
    Summary
    If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.606Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2888",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-28T15:22:05.235332Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-28T15:22:09.888Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "If an attacker comes into the possession of a victim\u0027s OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim\u0027s account exists."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-21T11:25:08.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"
            }
          ],
          "source": {
            "advisory": "d27d232b-2578-4b32-b3b4-74aabdadf629",
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient Session Expiration in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2888",
              "STATE": "PUBLIC",
              "TITLE": "Insufficient Session Expiration in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.8.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "If an attacker comes into the possession of a victim\u0027s OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim\u0027s account exists."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-613 Insufficient Session Expiration"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"
                }
              ]
            },
            "source": {
              "advisory": "d27d232b-2578-4b32-b3b4-74aabdadf629",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2888",
        "datePublished": "2022-09-21T11:25:08.000Z",
        "dateReserved": "2022-08-18T00:00:00.000Z",
        "dateUpdated": "2025-05-28T15:22:09.888Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2872 (GCVE-0-2022-2872)

    Vulnerability from cvelistv5 – Published: 2022-09-21 09:55 – Updated: 2025-05-28 15:26
    VLAI
    Title
    Unrestricted Upload of File with Dangerous Type in octoprint/octoprint
    Summary
    Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:58.717Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2872",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-28T15:26:52.799700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-28T15:26:59.092Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-21T09:55:08.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0"
            }
          ],
          "source": {
            "advisory": "b966c74d-6f3f-49fe-b40a-eaf25e362c56",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted Upload of File with Dangerous Type in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2872",
              "STATE": "PUBLIC",
              "TITLE": "Unrestricted Upload of File with Dangerous Type in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.8.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0"
                }
              ]
            },
            "source": {
              "advisory": "b966c74d-6f3f-49fe-b40a-eaf25e362c56",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2872",
        "datePublished": "2022-09-21T09:55:08.000Z",
        "dateReserved": "2022-08-17T00:00:00.000Z",
        "dateUpdated": "2025-05-28T15:26:59.092Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2930 (GCVE-0-2022-2930)

    Vulnerability from cvelistv5 – Published: 2022-08-22 11:35 – Updated: 2024-08-03 00:53
    VLAI
    Title
    Unverified Password Change in octoprint/octoprint
    Summary
    Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.
    CWE
    • CWE-620 - Unverified Password Change
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:53:00.455Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-620",
                  "description": "CWE-620 Unverified Password Change",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-22T11:35:11.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"
            }
          ],
          "source": {
            "advisory": "da6745e4-7bcc-4e9a-9e96-0709ec9f2477",
            "discovery": "EXTERNAL"
          },
          "title": "Unverified Password Change in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2930",
              "STATE": "PUBLIC",
              "TITLE": "Unverified Password Change in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.8.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-620 Unverified Password Change"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"
                }
              ]
            },
            "source": {
              "advisory": "da6745e4-7bcc-4e9a-9e96-0709ec9f2477",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2930",
        "datePublished": "2022-08-22T11:35:11.000Z",
        "dateReserved": "2022-08-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:53:00.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2822 (GCVE-0-2022-2822)

    Vulnerability from cvelistv5 – Published: 2022-08-15 10:30 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Authentication Bypass by Primary Weakness in octoprint/octoprint
    Summary
    An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.9.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:58.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-15T10:40:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de"
            }
          ],
          "source": {
            "advisory": "6369f355-e6ef-4469-af75-0f6ff00cde3d",
            "discovery": "EXTERNAL"
          },
          "title": "Authentication Bypass by Primary Weakness in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2822",
              "STATE": "PUBLIC",
              "TITLE": "Authentication Bypass by Primary Weakness in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-307 Improper Restriction of Excessive Authentication Attempts"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de"
                }
              ]
            },
            "source": {
              "advisory": "6369f355-e6ef-4469-af75-0f6ff00cde3d",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2822",
        "datePublished": "2022-08-15T10:30:17.000Z",
        "dateReserved": "2022-08-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:58.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1432 (GCVE-0-2022-1432)

    Vulnerability from cvelistv5 – Published: 2022-05-18 10:10 – Updated: 2024-08-03 00:03
    VLAI
    Title
    Cross-site Scripting (XSS) - Generic in octoprint/octoprint
    Summary
    Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.351Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T10:10:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3"
            }
          ],
          "source": {
            "advisory": "cb545c63-a3c1-4d57-8f06-e4593ab389bf",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Generic in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1432",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Generic in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3"
                }
              ]
            },
            "source": {
              "advisory": "cb545c63-a3c1-4d57-8f06-e4593ab389bf",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1432",
        "datePublished": "2022-05-18T10:10:10.000Z",
        "dateReserved": "2022-04-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:03:06.351Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1430 (GCVE-0-2022-1430)

    Vulnerability from cvelistv5 – Published: 2022-05-18 10:00 – Updated: 2024-08-03 00:03
    VLAI
    Title
    Cross-site Scripting (XSS) - DOM in octoprint/octoprint
    Summary
    Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    octoprint octoprint/octoprint Affected: unspecified , < 1.8.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.267Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "octoprint/octoprint",
              "vendor": "octoprint",
              "versions": [
                {
                  "lessThan": "1.8.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T10:00:14.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045"
            }
          ],
          "source": {
            "advisory": "0cd30d71-1e32-4a0b-b4c3-faaa1907b541",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - DOM in octoprint/octoprint",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1430",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - DOM in octoprint/octoprint"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "octoprint/octoprint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "octoprint"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541"
                },
                {
                  "name": "https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045",
                  "refsource": "MISC",
                  "url": "https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045"
                }
              ]
            },
            "source": {
              "advisory": "0cd30d71-1e32-4a0b-b4c3-faaa1907b541",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1430",
        "datePublished": "2022-05-18T10:00:14.000Z",
        "dateReserved": "2022-04-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:03:06.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }