Vulnerabilities > CVE-2022-2888 - Unspecified vulnerability in Octoprint
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
Vulnerable Configurations
References
- https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
- https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
- https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629
- https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629