CVE-2022-2822

Exploit

EPSS 0.69%
Veröffentlicht 15.08.2022 11:21:32
Zuletzt bearbeitet 21.11.2024 07:01:45
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

Authentication Bypass by Primary Weakness in octoprint/octoprint

An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Octoprint ≫ Octoprint Version < 1.9.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.69%	0.478

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security@huntr.dev	3.7	2.2	1.4	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de

Patch

Third Party Advisory

https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d

Patch

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-2822

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2822

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2822

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-2822