GHSA-39gf-864w-pxw4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-39gf-864w-pxw4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-39gf-864w-pxw4/GHSA-39gf-864w-pxw4.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-39gf-864w-pxw4
- Aliases
- Published
- 2022-08-23T00:00:19Z
- Modified
- 2024-11-22T18:28:26.862627Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- Unverified Password Change in OctoPrint
- Details
-
Versions of OctoPrint prior to 1.8.3 did not require the current user password in order to change that users password. As a result users could be locked out of their accounts or have their accounts stolen under certain circumstances.
- Database specific
{ "nvd_published_at": "2022-08-22T12:15:00Z", "cwe_ids": [ "CWE-620" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-08-30T20:25:13Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-2930
- https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f
- https://github.com/octoprint/octoprint
- https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml
- https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477
Affected packages
PyPI / octoprint
Package
- Name
- octoprint
- View open source insights on deps.dev
- Purl
- pkg:pypi/octoprint
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3
Affected versions
1.*
1.3.11
1.3.12rc1
1.3.12rc3
1.3.12
1.4.0rc1
1.4.0rc2
1.4.0rc3
1.4.0rc4
1.4.0rc5
1.4.0rc6
1.4.0
1.4.1rc1
1.4.1rc2
1.4.1rc3
1.4.1rc4
1.4.1
1.4.2
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0rc1
1.6.0rc2
1.6.0rc3
1.6.0
1.6.1
1.7.0rc1
1.7.0rc2
1.7.0rc3
1.7.0
1.7.1
1.7.2
1.7.3
1.8.0rc1
1.8.0rc2
1.8.0rc3
1.8.0rc4
1.8.0rc5
1.8.0
1.8.1
1.8.2