PYSEC-2022-282
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/octoprint/PYSEC-2022-282.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2022-282
- Aliases
- Published
- 2022-09-21T12:15:00Z
- Modified
- 2023-11-01T04:58:38.116938Z
- Summary
- [none]
- Details
-
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
- References
Affected packages
PyPI / octoprint
Package
- Name
- octoprint
- View open source insights on deps.dev
- Purl
- pkg:pypi/octoprint
Affected ranges
- Type
- GIT
- Repo
- https://github.com/octoprint/octoprint
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3
Affected versions
1.*
1.3.11
1.3.12rc1
1.3.12rc3
1.3.12
1.4.0rc1
1.4.0rc2
1.4.0rc3
1.4.0rc4
1.4.0rc5
1.4.0rc6
1.4.0
1.4.1rc1
1.4.1rc2
1.4.1rc3
1.4.1rc4
1.4.1
1.4.2
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0rc1
1.6.0rc2
1.6.0rc3
1.6.0
1.6.1
1.7.0rc1
1.7.0rc2
1.7.0rc3
1.7.0
1.7.1
1.7.2
1.7.3
1.8.0rc1
1.8.0rc2
1.8.0rc3
1.8.0rc4
1.8.0rc5
1.8.0
1.8.1
1.8.2