CVE-2022-2888

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-2888
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2888.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-2888
Aliases
Published
2022-09-21T11:25:08Z
Modified
2026-04-20T04:05:13.075087Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Insufficient Session Expiration in octoprint/octoprint
Details

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.

Database specific 
{
    "cwe_ids": [
        "CWE-613"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2888.json",
    "cna_assigner": "@huntrdev"
}
References

Affected packages

Git / github.com/OctoPrint/OctoPrint

Affected ranges

Type
GIT
Repo
https://github.com/OctoPrint/OctoPrint
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d0d226f3e0ad0a6436e4f32519bf38a82aa576ca
Database specific 
{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:octoprint:octoprint:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.8.3"
        }
    ]
}

Affected versions

1.*
1.1.0-dev
1.2.0
1.2.0-dev
1.2.0-rc1
1.2.0-rc2
1.2.0-rc3
1.2.1
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.16rc1
1.2.16rc2
1.2.17rc1
1.2.17rc2
1.2.17rc3
1.2.18
1.2.18rc1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.4.0rc1
1.4.0rc2
1.4.0rc3
1.4.0rc4
1.4.0rc5
1.4.0rc6
1.5.0
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.1
1.5.2
1.5.3
1.6.1
1.7.1
1.7.2
1.7.3
1.8.0
1.8.1
1.8.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2888.json"

Git / github.com/octoprint/octoprint

Affected ranges

Type
GIT
Repo
https://github.com/octoprint/octoprint
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
40e6217ac1a85cc5ed592873ae49db01d3005da4
Database specific 
{
    "source": "REFERENCES"
}

Affected versions

1.*
1.1.0-dev
1.2.0
1.2.0-dev
1.2.0-rc1
1.2.0-rc2
1.2.0-rc3
1.2.1
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.16rc1
1.2.16rc2
1.2.17rc1
1.2.17rc2
1.2.17rc3
1.2.18
1.2.18rc1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.4.0rc1
1.4.0rc2
1.4.0rc3
1.4.0rc4
1.4.0rc5
1.4.0rc6
1.5.0
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.1
1.5.2
1.5.3
1.6.1
1.7.1
1.7.2
1.7.3
1.8.0
1.8.1
1.8.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2888.json"