CVE-2022-2822 – octoprint
Package
Manager: pip
Name: octoprint
Vulnerable Version: >=0 <=1.7.3
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00325 (percentile 0.54872)
Details
OctoPrint 1.7.3 and prior does not rate-limit the login page, so anyone who can reach the web interface can submit an unbounded number of password guesses (online brute force, CWE-307). Severity is limited by the fact that OctoPrint normally runs on a restricted LAN; that assumption no longer holds for instances exposed through port forwarding or a reverse proxy, which should be kept behind an authenticating proxy or VPN until a release carrying the fix is deployed. The `devel` and `maintenance` branches of the repository have a fix that limits the rate of failed login attempts.
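The control the advisory describes is a cap on failed login attempts per client within a time window, checked before the password is verified. The following is an added example in Python written for this page; it is not OctoPrint's own code and does not reproduce its fix. The limiter, the user store, the client key (source IP) and all names are illustrative assumptions.

```python
"""Throttling failed login attempts per client (mitigation for CWE-307).

Added example, not OctoPrint's code. The user store, salt, and client
key are constructed for this demonstration.
"""
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque


class FailedLoginLimiter:
    """Sliding-window counter of failed attempts per client key."""

    def __init__(self, max_failures=5, window_seconds=60, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock  # injectable so the window can be tested offline
        self._failures = defaultdict(deque)  # key -> timestamps of failures

    def _prune(self, key):
        """Drop failures older than the window; return the live deque."""
        now = self.clock()
        q = self._failures[key]
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def is_blocked(self, key):
        return len(self._prune(key)) >= self.max_failures

    def record_failure(self, key):
        self._prune(key).append(self.clock())

    def reset(self, key):
        self._failures.pop(key, None)


# Constructed user store: salted PBKDF2 hashes rather than plaintext.
def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = os.urandom(16)
USERS = {"admin": (_SALT, _hash_password("correct horse battery staple", _SALT))}


def check_credentials(username, password):
    """Constant-time compare; an unknown user still pays the hashing cost."""
    salt, stored = USERS.get(username, (b"\0" * 16, b"\0" * 32))
    candidate = _hash_password(password, salt)
    return username in USERS and hmac.compare_digest(candidate, stored)


def login(limiter, client_ip, username, password):
    """Return 'ok', 'invalid' or 'throttled'.

    The limiter is consulted before the password is checked, so a throttled
    client learns nothing about whether its guess was correct.
    """
    key = client_ip
    if limiter.is_blocked(key):
        return "throttled"
    if check_credentials(username, password):
        limiter.reset(key)
        return "ok"
    limiter.record_failure(key)
    return "invalid"


def demo():
    """Brute-force a throttled login with a fake clock; return the outcomes."""
    now = [0.0]
    limiter = FailedLoginLimiter(max_failures=5, window_seconds=60,
                                 clock=lambda: now[0])
    # Constructed wordlist; the correct password is the sixth guess.
    wordlist = ["password", "123456", "admin", "octoprint", "letmein",
                "correct horse battery staple"]
    results = [login(limiter, "10.0.0.5", "admin", g) for g in wordlist]
    # A different client is not affected by the first client's failures.
    other_client = login(limiter, "10.0.0.6", "admin", "wrong")
    # Once the window has elapsed the blocked client may try again.
    now[0] += 61
    after_wait = login(limiter, "10.0.0.5", "admin", "correct horse battery staple")
    return results, other_client, after_wait


if __name__ == "__main__":
    print(demo())
```

Keying on the source address is the simplest choice but needs care in deployment: behind a reverse proxy the key must come from a trusted `X-Forwarded-For` value or every client shares one bucket, and keying on the username instead lets an attacker lock legitimate users out. Counting only failures, and resetting on success, keeps normal use unaffected while bounding the guess rate an attacker can achieve.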
Metadata
Created: 2022-08-16T00:00:31Z
Modified: 2023-09-01T21:55:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-5w5x-q9p5-9qg3/GHSA-5w5x-q9p5-9qg3.json
CWE IDs: ["CWE-307"]
Alternative ID: GHSA-5w5x-q9p5-9qg3
Finding: F053
Auto approve: 1