Vulnerabilities > CVE-2024-32977 - Unspecified vulnerability in Octoprint

CVSS 9.4 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

LOW

network

low complexity

octoprint

critical

NVD

Published: 2024-05-14

Updated: 2025-03-05

Summary

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` option is enabled within `config.yaml`, even if they come from networks that are not configured as `localNetworks`, spoofing their IP via the `X-Forwarded-For` header. If autologin is not enabled, this vulnerability does not have any impact. The vulnerability has been patched in version 1.10.1. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or to make the instance inaccessible from potentially hostile networks like the internet.

Vulnerable Configurations

Part	Description	Count
Application	Octoprint Octoprint Octoprint - Octoprint Octoprint 0.1.0 Octoprint Octoprint 0.1.1 Octoprint Octoprint 0.1.2 Octoprint Octoprint 1.0.0 Octoprint Octoprint 1.1.0 Octoprint Octoprint 1.1.1 Octoprint Octoprint 1.1.2 Octoprint Octoprint 1.2.0 Octoprint Octoprint 1.2.1 Octoprint Octoprint 1.2.2 Octoprint Octoprint 1.2.3 Octoprint Octoprint 1.2.4 Octoprint Octoprint 1.2.5 Octoprint Octoprint 1.2.6 Octoprint Octoprint 1.2.7 Octoprint Octoprint 1.2.8 Octoprint Octoprint 1.2.9 Octoprint Octoprint 1.2.10 Octoprint Octoprint 1.2.11 Octoprint Octoprint 1.2.12 Octoprint Octoprint 1.2.13 Octoprint Octoprint 1.2.14 Octoprint Octoprint 1.2.15 Octoprint Octoprint 1.2.16 Octoprint Octoprint 1.2.17 Octoprint Octoprint 1.2.18 Octoprint Octoprint 1.3.0 Octoprint Octoprint 1.3.1 Octoprint Octoprint 1.3.2 Octoprint Octoprint 1.3.3 Octoprint Octoprint 1.3.4 Octoprint Octoprint 1.3.5 Octoprint Octoprint 1.3.6 Octoprint Octoprint 1.3.7 Octoprint Octoprint 1.3.8 Octoprint Octoprint 1.3.9 Octoprint Octoprint 1.3.10 Octoprint Octoprint 1.3.11 Octoprint Octoprint 1.3.12 Octoprint Octoprint 1.4.0 Octoprint Octoprint 1.4.1 Octoprint Octoprint 1.4.2 Octoprint Octoprint 1.5.0 Octoprint Octoprint 1.5.1 Octoprint Octoprint 1.5.2 Octoprint Octoprint 1.5.3 Octoprint Octoprint 1.6.0 Octoprint Octoprint 1.6.1 Octoprint Octoprint 1.7.0 Octoprint Octoprint 1.7.1 Octoprint Octoprint 1.7.2 Octoprint Octoprint 1.7.3 Octoprint Octoprint 1.8.0 Octoprint Octoprint 1.8.1 Octoprint Octoprint 1.8.2 Octoprint Octoprint 1.8.3 Octoprint Octoprint 1.9.3 Octoprint Octoprint 1.10.0	110

Summary

Vulnerable Configurations

References