CVE-2022-2888
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-2888
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2888.json
- Aliases
- Published
- 2022-09-21T12:15:09Z
- Modified
- 2023-11-29T09:32:49.715358Z
- Details
-
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
- References
Affected packages
Git / github.com/foosel/octoprint
Affected ranges
- Type
- GIT
- Repo
- https://github.com/foosel/octoprint
- Events
- Type
- GIT
- Repo
- https://github.com/octoprint/octoprint
- Events
Affected versions
1.*
1.0.0
1.0.0-rc1
1.0.0-rc2
1.1.0
1.1.0-dev
1.1.0-rc1
1.1.0-rc2
1.1.1
1.1.2
1.2.0
1.2.0-dev
1.2.0-rc1
1.2.0-rc2
1.2.0-rc3
1.2.1
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.16rc1
1.2.16rc2
1.2.17
1.2.17rc1
1.2.17rc2
1.2.17rc3
1.2.17rc4
1.2.18
1.2.18rc1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.0
1.3.0rc1
1.3.0rc2
1.3.0rc3
1.3.1
1.3.10
1.3.10rc1
1.3.10rc2
1.3.10rc3
1.3.10rc4
1.3.11
1.3.11rc1
1.3.11rc2
1.3.11rc3
1.3.12
1.3.12rc1
1.3.12rc2
1.3.12rc3
1.3.1rc1
1.3.1rc2
1.3.2
1.3.2rc1
1.3.3
1.3.3rc1
1.3.3rc2
1.3.3rc3
1.3.4
1.3.5
1.3.5rc1
1.3.5rc2
1.3.5rc3
1.3.5rc4
1.3.6
1.3.6rc1
1.3.6rc2
1.3.6rc3
1.3.7
1.3.7rc1
1.3.7rc2
1.3.7rc3
1.3.7rc4
1.3.8
1.3.9
1.3.9rc1
1.3.9rc2
1.3.9rc3
1.3.9rc4
1.4.0
1.4.0rc1
1.4.0rc2
1.4.0rc3
1.4.0rc4
1.4.0rc5
1.4.0rc6
1.4.1
1.4.1rc1
1.4.1rc2
1.4.1rc3
1.4.1rc4
1.4.2
1.5.0
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.1
1.5.2
1.5.3
1.6.0
1.6.0rc1
1.6.0rc2
1.6.0rc3
1.6.1
1.7.0
1.7.0rc1
1.7.0rc2
1.7.0rc3
1.7.1
1.7.2
1.7.3
1.8.0
1.8.0rc1
1.8.0rc2
1.8.0rc3
1.8.0rc4
1.8.0rc5
1.8.1
1.8.2