Information Disclosure

2022-10-2002:44:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

octoprint

vulnerability

symlinks

language packs

directory traversal

information disclosure

server

EPSS

0.001

Percentile

17.8%

JSON

octoprint is vulnerable to information disclosure. The vulnerability is due to multiple functions in languages.py not sanitizing symlinks in language packs resulting in directory traversal used to extract information from the server.

References

github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e

huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11

EPSS

0.001

Percentile

17.8%

JSON

Related for VERACODE:37609