CVE-2021-32560

CVE-2021-32560

EPSS 1.5%

The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0 https://octoprint.org/blog/2021/04/27/new-release-1.6.0/https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html