GitHub Advisory Database: GHSA-49WM-4FP6-H59C
Sep 22, 2022 - 12:00 a.m.

OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type

2022-09-22 00:00:32
CWE-434
GitHub Advisory Database
github.com
Tags: octoprint, vulnerable, file upload

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 21.6%

OctoPrint prior to version 1.8.3 is vulnerable to Unrestricted Upload of File with Dangerous Type. Due to a misconfiguration in the move file functionality, an attacker could easily change the file extension of an uploaded malicious file disguised as a .gcode file. Version 1.8.3 contains a patch.

Affected configurations

Vulners
Node
octoprint octoprint, Range <1.8.3

CPE Name Operator Version
octoprint lt 1.8.3
