PYSEC-2022-282

Source
https://github.com/pypa/advisory-database/blob/main/vulns/octoprint/PYSEC-2022-282.yaml
Aliases
Published
2022-09-21T12:15:00Z
Modified
2022-09-22T17:04:30.485402Z
Details

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.

References

Affected packages

PyPI / octoprint

octoprint

Affected ranges

Type
GIT
Events
Type
ECOSYSTEM
Events
Introduced
0
Fixed
1.8.3

Affected versions

1.*

1.3.11
1.3.12
1.3.12rc1
1.3.12rc3
1.4.0
1.4.0rc1
1.4.0rc2
1.4.0rc3
1.4.0rc4
1.4.0rc5
1.4.0rc6
1.4.1
1.4.1rc1
1.4.1rc2
1.4.1rc3
1.4.1rc4
1.4.2
1.5.0
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.1
1.5.2
1.5.3
1.6.0
1.6.0rc1
1.6.0rc2
1.6.0rc3
1.6.1
1.7.0
1.7.0rc1
1.7.0rc2
1.7.0rc3
1.7.1
1.7.2
1.7.3
1.8.0
1.8.0rc1
1.8.0rc2
1.8.0rc3
1.8.0rc4
1.8.0rc5
1.8.1
1.8.2