Lucene search
@huntrdevCVE-2022-2822HistoryAug 15, 2022 - 11:21 a.m.
CVE-2022-2822
2022-08-1511:21:32
CWE-307
@huntrdev
web.nvd.nist.gov
56
7
cve-2022-2822
brute force
account takeover
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
51.0%
An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.
Affected configurations
Node
octoprintoctoprintRange<1.9.0
CNA Affected
[
{
"product": "octoprint/octoprint",
"vendor": "octoprint",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
osv
osv
CVE-2022-2822
2022-08-15 11:21:32
OctoPrint does not have rate limiting on the login page
2022-08-16 00:00:31
veracode
veracode
Privilege Escalation
2022-08-16 05:38:36
github
github
OctoPrint does not have rate limiting on the login page
2022-08-16 00:00:31
nvd
nvd
CVE-2022-2822
2022-08-15 11:21:32
prion
prion
Default credentials
2022-08-15 11:21:00
huntr
huntr
No rate limit on main Login page lead to account takeover
2022-08-12 20:03:31
cvelist
cvelist
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
51.0%
Related for CVE-2022-2822