OpenCVE

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Octoprint	Octoprint

Configuration 1 [-]

cpe:2.3:a:octoprint:octoprint:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-09-21T11:25:08

Updated: 2024-08-03T00:52:59.606Z

Reserved: 2022-08-18T00:00:00

Link: CVE-2022-2888

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-21T12:15:09.923

Modified: 2024-11-21T07:01:52.543

Link: CVE-2022-2888

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "octoprint/octoprint", "vendor": "octoprint", "versions": [{"lessThan": "1.8.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-21T11:25:08", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"}], "source": {"advisory": "d27d232b-2578-4b32-b3b4-74aabdadf629", "discovery": "EXTERNAL"}, "title": "Insufficient Session Expiration in octoprint/octoprint", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2888", "STATE": "PUBLIC", "TITLE": "Insufficient Session Expiration in octoprint/octoprint"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "octoprint/octoprint", "version": {"version_data": [{"version_affected": "<", "version_value": "1.8.3"}]}}]}, "vendor_name": "octoprint"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-613 Insufficient Session Expiration"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"}, {"name": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4", "refsource": "MISC", "url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"}]}, "source": {"advisory": "d27d232b-2578-4b32-b3b4-74aabdadf629", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:52:59.606Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"}]}]}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2888", "datePublished": "2022-09-21T11:25:08", "dateReserved": "2022-08-18T00:00:00", "dateUpdated": "2024-08-03T00:52:59.606Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}