Lucene search

Veracode Vulnerability DatabaseVERACODE:46913

HistoryMay 15, 2024 - 5:34 a.m.

Authentication Bypass

2024-05-1505:34:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

octoprint

authentication bypass

vulnerability

ip spoofing

x-forwarded-for

autologinlocal

localnetworks

7.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

OctoPrint is vulnerable to an Authentication Bypass. The vulnerability is due to an unauthenticated attacker being able to bypass authentication by spoofing their IP via the X-Forwarded-For header when the autologinLocal option is enabled, even if they are from networks not configured as localNetworks.

CPENameOperatorVersion
octoprintle1.10.0
octoprintle1.10.0

CPE	Name	Operator	Version
	octoprint	le	1.10.0
	octoprint	le	1.10.0

References

github.com/advisories/GHSA-2vjq-hg5w-5gm7

github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4

github.com/OctoPrint/OctoPrint/commit/ff64916cccfe96585f354c3fb52d95e77f1cc1ba

github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7

7.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:46913