Lucene search
Veracode Vulnerability DatabaseVERACODE:36718HistoryAug 16, 2022 - 5:38 a.m.
Privilege Escalation
2022-08-1605:38:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
octoprint
vulnerability
privilege escalation
login page
attacker
user passwords
administrative accounts
rate limit
EPSS
0.001
Percentile
51.0%
octoprint is vulnerable to privilege escalation. The vulnerability exists because of the lack of a rate limit on the login page, allowing an attacker to guess user passwords and gain access to user and administrative accounts.
References
github.com/advisories/GHSA-5w5x-q9p5-9qg3
github.com/gruvin/OctoPrint/pull/1
github.com/NilsRo/OctoPrint/pull/1
github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de
github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de#
huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d
huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d/
huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d/
Related
osv
osv
CVE-2022-2822
2022-08-15 11:21:32
OctoPrint does not have rate limiting on the login page
2022-08-16 00:00:31
nvd
nvd
CVE-2022-2822
2022-08-15 11:21:32
github
github
OctoPrint does not have rate limiting on the login page
2022-08-16 00:00:31
prion
prion
Default credentials
2022-08-15 11:21:00
huntr
huntr
No rate limit on main Login page lead to account takeover
2022-08-12 20:03:31
cvelist
cvelist
cve
cve
CVE-2022-2822
2022-08-15 11:21:32