Vulnerabilities > CVE-2022-2888 - Insufficient Session Expiration vulnerability in Octoprint

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

local

low complexity

octoprint

CWE-613

NVD

Published: 2022-09-21

Updated: 2022-09-22

Summary

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.

Vulnerable Configurations

Part	Description	Count
Application	Octoprint Octoprint Octoprint 0.1.0 Octoprint Octoprint 0.1.1 Octoprint Octoprint 0.1.2 Octoprint Octoprint 1.0.0 Octoprint Octoprint 1.1.0 Octoprint Octoprint 1.1.1 Octoprint Octoprint 1.1.2 Octoprint Octoprint 1.2.0 Octoprint Octoprint 1.2.1 Octoprint Octoprint 1.2.2 Octoprint Octoprint 1.2.3 Octoprint Octoprint 1.2.4 Octoprint Octoprint 1.2.5 Octoprint Octoprint 1.2.6 Octoprint Octoprint 1.2.7 Octoprint Octoprint 1.2.8 Octoprint Octoprint 1.2.9 Octoprint Octoprint 1.2.10 Octoprint Octoprint 1.2.11 Octoprint Octoprint 1.2.12 Octoprint Octoprint 1.2.13 Octoprint Octoprint 1.2.14 Octoprint Octoprint 1.2.15 Octoprint Octoprint 1.2.16 Octoprint Octoprint 1.2.17 Octoprint Octoprint 1.2.18 Octoprint Octoprint 1.3.0 Octoprint Octoprint 1.3.1 Octoprint Octoprint 1.3.2 Octoprint Octoprint 1.3.3 Octoprint Octoprint 1.3.4 Octoprint Octoprint 1.3.5 Octoprint Octoprint 1.3.6 Octoprint Octoprint 1.3.7 Octoprint Octoprint 1.3.8 Octoprint Octoprint 1.3.9 Octoprint Octoprint 1.3.10 Octoprint Octoprint 1.3.11 Octoprint Octoprint 1.3.12 Octoprint Octoprint 1.4.0 Octoprint Octoprint 1.4.1 Octoprint Octoprint 1.4.2 Octoprint Octoprint 1.5.0 Octoprint Octoprint 1.5.1 Octoprint Octoprint 1.5.2 Octoprint Octoprint 1.5.3 Octoprint Octoprint 1.6.0 Octoprint Octoprint 1.6.1 Octoprint Octoprint 1.7.0 Octoprint Octoprint 1.7.1 Octoprint Octoprint 1.7.2 Octoprint Octoprint 1.7.3 Octoprint Octoprint 1.8.0 Octoprint Octoprint 1.8.1 Octoprint Octoprint 1.8.2	102

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References