Main Vulnerability Database Vulnerabilities #VU100038

#VU100038 Missing Authentication for Critical Function in OctoPrint - CVE-2024-51493

Published: November 7, 2024

Vulnerability identifier: #VU100038

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-51493

CWE-ID: CWE-306

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OctoPrint

Software vendor:
octoprint.org

Description

The vulnerability allows a remote attacker to perform unauthorized actions.

The vulnerability exists due to a missing additional authorization step when performing sensitive actions, such as managing the API keys. A remote attacker who gained temporary control over an authenticated victim's OctoPrint browser session can retrieve, recreate, or delete the user's API key.

Remediation

Install updates from vendor's website.

External links

https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953
https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.3

#VU100038 Missing Authentication for Critical Function in OctoPrint - CVE-2024-51493

Description

Remediation

External links

Please verify you're human