CVE-2024-32977

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-32977

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32977.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-32977

Aliases

GHSA-2vjq-hg5w-5gm7

Published

2024-05-14T16:17:12Z

Modified

2024-05-19T02:24:45.679076Z

Summary

[none]

Details

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, spoofing their IP via the X-Forwarded-For header. If autologin is not enabled, this vulnerability does not have any impact. The vulnerability has been patched in version 1.10.1. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or to make the instance inaccessible from potentially hostile networks like the internet.

References

Affected packages

Git / github.com/octoprint/octoprint

Affected ranges

Type: GIT
Repo: https://github.com/octoprint/octoprint
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5afbec8d23508edc25b0f1bdef1620580136add4

Affected versions

1.*

1.0.0

1.0.0-rc1

1.0.0-rc2

1.1.0

1.1.0-dev

1.1.0-rc1

1.1.0-rc2

1.1.1

1.1.2

1.10.0

1.10.0rc1

1.10.0rc2

1.10.0rc3

1.10.0rc4

1.2.0

1.2.0-dev

1.2.0-rc1

1.2.0-rc2

1.2.0-rc3

1.2.1

1.2.10

1.2.11

1.2.12

1.2.13

1.2.14

1.2.15

1.2.16

1.2.16rc1

1.2.16rc2

1.2.17

1.2.17rc1

1.2.17rc2

1.2.17rc3

1.2.17rc4

1.2.18

1.2.18rc1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3.0

1.3.0rc1

1.3.0rc2

1.3.0rc3

1.3.1

1.3.10

1.3.10rc1

1.3.10rc2

1.3.10rc3

1.3.10rc4

1.3.11

1.3.11rc1

1.3.11rc2

1.3.11rc3

1.3.12

1.3.12rc1

1.3.12rc2

1.3.12rc3

1.3.1rc1

1.3.1rc2

1.3.2

1.3.2rc1

1.3.3

1.3.3rc1

1.3.3rc2

1.3.3rc3

1.3.4

1.3.5

1.3.5rc1

1.3.5rc2

1.3.5rc3

1.3.5rc4

1.3.6

1.3.6rc1

1.3.6rc2

1.3.6rc3

1.3.7

1.3.7rc1

1.3.7rc2

1.3.7rc3

1.3.7rc4

1.3.8

1.3.9

1.3.9rc1

1.3.9rc2

1.3.9rc3

1.3.9rc4

1.4.0

1.4.0rc1

1.4.0rc2

1.4.0rc3

1.4.0rc4

1.4.0rc5

1.4.0rc6

1.4.1

1.4.1rc1

1.4.1rc2

1.4.1rc3

1.4.1rc4

1.4.2

1.5.0

1.5.0rc1

1.5.0rc2

1.5.0rc3

1.5.1

1.5.2

1.5.3

1.6.0

1.6.0rc1

1.6.0rc2

1.6.0rc3

1.6.1

1.7.0

1.7.0rc1

1.7.0rc2

1.7.0rc3

1.7.1

1.7.2

1.7.3

1.8.0

1.8.0rc1

1.8.0rc2

1.8.0rc3

1.8.0rc4

1.8.0rc5

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.9.0

1.9.0rc1

1.9.0rc2

1.9.0rc3

1.9.0rc4

1.9.0rc5

1.9.0rc6

1.9.1

1.9.2

1.9.3