CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41047 – Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint
https://notcve.org/view.php?id=CVE-2023-41047
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties. • https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3 https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3607 – Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in octoprint/octoprint
https://notcve.org/view.php?id=CVE-2022-3607
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. Un Fallo en el Saneo de Elementos Especiales en un Plano Diferente (Inyección de Elementos Especiales) en el repositorio de GitHub octoprint/octoprint versiones anteriores a 1.8.3 • https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3068 – Improper Privilege Management in octoprint/octoprint
https://notcve.org/view.php?id=CVE-2022-3068
Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3. Una Administración Inapropiada de Privilegios en el repositorio de GitHub octoprint/octoprint versiones anteriores a 1.8.3 • https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571 https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884 • CWE-269: Improper Privilege Management •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2888 – Insufficient Session Expiration in octoprint/octoprint
https://notcve.org/view.php?id=CVE-2022-2888
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists. Si un atacante entra en posesión de la cookie de sesión de OctoPrint de una víctima mediante cualquier medio, el atacante puede usar esta cookie para autenticarse mientras la cuenta de la víctima exista • https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4 https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629 • CWE-613: Insufficient Session Expiration •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2872 – Unrestricted Upload of File with Dangerous Type in octoprint/octoprint
https://notcve.org/view.php?id=CVE-2022-2872
Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. Una Descarga sin Restricciones de Archivos de Tipo Peligroso en el repositorio GitHub octoprint/octoprint versiones anteriores a 1.8.3 • https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0 https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56 • CWE-434: Unrestricted Upload of File with Dangerous Type •