Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01dzV4LXE5cDUtOXFnM84AAuBj
OctoPrint does not have rate limiting on the login page
OctoPrint 1.7.3 and prior does not have rate limiting on the login page, making it possible for attackers to attempt brute force attacks. The severity of this issue is limited by OctoPrint normally running in a restricted LAN. The devel
and maintenance
branches of the repository have a fix that limits the rate of failed login attempts.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01dzV4LXE5cDUtOXFnM84AAuBj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 1 year ago
Updated: 8 months ago
CVSS Score: 3.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-5w5x-q9p5-9qg3, CVE-2022-2822
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-2822
- https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de
- https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d
- https://github.com/advisories/GHSA-5w5x-q9p5-9qg3
Blast Radius: 2.9
Affected Packages
pypi:OctoPrint
Dependent packages: 1Dependent repositories: 6
Downloads: 11,156 last month
Affected Version Ranges: <= 1.7.3
No known fixed version
All affected versions: 1.3.11, 1.3.12, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.1, 1.7.0, 1.7.1, 1.7.2, 1.7.3