Lucene search

Veracode Vulnerability DatabaseVERACODE:45275

HistoryFeb 01, 2024 - 4:44 p.m.

Unverified Password Change

2024-02-0116:44:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

octoprint

password change

vulnerability

admin accounts

improper validation

security issue

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

19.1%

JSON

OctoPrint is vulnerable to Unverified Password Change. The vulnerability is due to improper validation within the password change functionality for admin accounts. The issue can be exploited to a malicious admin to change the passwords of other admin account.

References

github.com/advisories/GHSA-5626-pw9c-hmjr

github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125

github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1

github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

19.1%

JSON

Related for VERACODE:45275