Lucene search

Veracode Vulnerability DatabaseVERACODE:43751

HistoryOct 11, 2023 - 7:21 a.m.

Improper Sanitization

2023-10-1107:21:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

improper sanitization

arbitrary code execution

gcode script

software vulnerability

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

10.0%

JSON

octoprint is vulnerable to Improper Sanitization. The vulnerability is due to RelEnvironment class in __init__.py which allows the execution of arbitrary code within the GCODE script feature. This lack of restriction could allow a malicious admin to configure a specially crafted GCODE script through the Settings that will allow code execution during rendering of that script.

CPENameOperatorVersion
octoprintle1.9.2
octoprintle1.9.2

CPE	Name	Operator	Version
	octoprint	le	1.9.2
	octoprint	le	1.9.2

References

github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db

github.com/OctoPrint/OctoPrint/releases/tag/1.9.3

github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

10.0%

JSON

Related for VERACODE:43751