CVE-2018-16710

2018-09-0719:00:00

mitre

www.cve.org

octoprint

vulnerability

sensitive data disclosure

denial of service

http requests

AI Score

9.1

Confidence

High

EPSS

0.005

Percentile

76.6%

JSON

OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding … Putting OctoPrint onto the public internet is a terrible idea, and I really can’t emphasize that enough.

References

github.com/foosel/OctoPrint/issues/2814