Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-41047
HistoryOct 09, 2023 - 4:15 p.m.

CVE-2023-41047

2023-10-0916:15:10
CWE-1336
[email protected]
web.nvd.nist.gov
1
octoprint
vulnerability
admin code execution
gcode
patch

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0

Percentile

9.8%

JSON

OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties.

Affected configurations

Nvd
Node
octoprintoctoprintRange<1.9.3
VendorProductVersionCPE
octoprintoctoprint*cpe:2.3:a:octoprint:octoprint:*:*:*:*:*:*:*:*

Related

prion 1
veracode 1
osv 3
github 1
cvelist 1
cve 1
vulnrichment 1
prion
prion
Code injection
2023-10-09 16:15:00
veracode
veracode
Improper Sanitization
2023-10-11 07:21:06
osv
osv
PYSEC-2023-195
2023-10-09 16:15:00
CVE-2023-41047
2023-10-09 16:15:10
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
2023-10-10 21:21:12
github
github
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
2023-10-10 21:21:12
cvelist
cvelist
CVE-2023-41047 Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint
2023-10-09 15:18:06
cve
cve
CVE-2023-41047
2023-10-09 16:15:10
vulnrichment
vulnrichment
CVE-2023-41047 Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint
2023-10-09 15:18:06

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0

Percentile

9.8%

JSON
Related for NVD:CVE-2023-41047
prion1veracode1osv3github1cvelist1cve1vulnrichment1