CVE-2022-2822

Authentication Bypass by Primary Weakness in octoprint/octoprint

CVSS 3.7 LOWEPSS 0.7%CWE-307

An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

octoprint · octoprint/octoprint

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d