CVE-2023-41047

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-41047

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41047.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-41047

Aliases

Related

GHSA-fwfg-vprh-97ph

Published

2023-10-09T16:15:10Z

Modified

2025-01-15T04:57:40.886338Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties.

References

Affected packages

Git / github.com/foosel/octoprint

Affected ranges

Type: GIT
Repo: https://github.com/foosel/octoprint
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

506648c152681bf4b1416cf2b5aaf97d526ee752

Type: GIT
Repo: https://github.com/octoprint/octoprint
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d0072cff894509c77e243d6562245ad3079e17db

Fixed

d0072cff894509c77e243d6562245ad3079e17db

Affected versions

1.*

1.0.0

1.0.0-rc1

1.0.0-rc2

1.1.0

1.1.0-dev

1.1.0-rc1

1.1.0-rc2

1.1.1

1.1.2

1.2.0

1.2.0-dev

1.2.0-rc1

1.2.0-rc2

1.2.0-rc3

1.2.1

1.2.10

1.2.11

1.2.12

1.2.13

1.2.14

1.2.15

1.2.16

1.2.16rc1

1.2.16rc2

1.2.17

1.2.17rc1

1.2.17rc2

1.2.17rc3

1.2.17rc4

1.2.18

1.2.18rc1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3.0

1.3.0rc1

1.3.0rc2

1.3.0rc3

1.3.1

1.3.10

1.3.10rc1

1.3.10rc2

1.3.10rc3

1.3.10rc4

1.3.11

1.3.11rc1

1.3.11rc2

1.3.11rc3

1.3.12

1.3.12rc1

1.3.12rc2

1.3.12rc3

1.3.1rc1

1.3.1rc2

1.3.2

1.3.2rc1

1.3.3

1.3.3rc1

1.3.3rc2

1.3.3rc3

1.3.4

1.3.5

1.3.5rc1

1.3.5rc2

1.3.5rc3

1.3.5rc4

1.3.6

1.3.6rc1

1.3.6rc2

1.3.6rc3

1.3.7

1.3.7rc1

1.3.7rc2

1.3.7rc3

1.3.7rc4

1.3.8

1.3.9

1.3.9rc1

1.3.9rc2

1.3.9rc3

1.3.9rc4

1.4.0

1.4.0rc1

1.4.0rc2

1.4.0rc3

1.4.0rc4

1.4.0rc5

1.4.0rc6

1.4.1

1.4.1rc1

1.4.1rc2

1.4.1rc3

1.4.1rc4

1.4.2

1.5.0

1.5.0rc1

1.5.0rc2

1.5.0rc3

1.5.1

1.5.2

1.5.3

1.6.0

1.6.0rc1

1.6.0rc2

1.6.0rc3

1.6.1

1.7.0

1.7.0rc1

1.7.0rc2

1.7.0rc3

1.7.1

1.7.2

1.7.3

1.8.0

1.8.0rc1

1.8.0rc2

1.8.0rc3

1.8.0rc4

1.8.0rc5

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.9.0

1.9.0rc1

1.9.0rc2

1.9.0rc3

1.9.0rc4

1.9.0rc5

1.9.0rc6

1.9.1

1.9.2