Lucene search

Veracode Vulnerability DatabaseVERACODE:45275

HistoryFeb 01, 2024 - 4:44 p.m.

Unverified Password Change

2024-02-0116:44:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

octoprint

password change

vulnerability

admin accounts

improper validation

security issue

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.2%

JSON

OctoPrint is vulnerable to Unverified Password Change. The vulnerability is due to improper validation within the password change functionality for admin accounts. The issue can be exploited to a malicious admin to change the passwords of other admin account.

CPENameOperatorVersion
octoprintle1.9.3
octoprintle1.9.3

CPE	Name	Operator	Version
	octoprint	le	1.9.3
	octoprint	le	1.9.3

References

github.com/advisories/GHSA-5626-pw9c-hmjr

github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125

github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1

github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.2%

JSON

Related for VERACODE:45275