CVE-2022-2888

MEDIUM
Published Sep 21, 20223y ago · Modified Jun 17, 20261w ago
4.4 CVSS 3.1
Medium
Find Similar
Published Sep 21, 2022 3y ago
Last Modified Jun 17, 2026 1w ago

Description

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.

CVSS Details

Base Score
4.4
Exploitability
1.8
Impact
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-613

Affected Products 1

VendorProductVersionRange
octoprintoctoprint* <1.8.3

References 2

  • github.com https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
    PatchThird Party Advisory
  • huntr.dev https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629
    ExploitPatchThird Party Advisory

Remediation

  • github.com https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
    PatchThird Party Advisory
  • huntr.dev https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629
    ExploitPatchThird Party Advisory