<p>Upgrade <code>OctoPrint</code> to version 1.8.3 or higher.</p>

Cross-site Request Forgery (CSRF) Affecting octoprint package, versions [,1.8.3)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-OCTOPRINT-6394546
published 6 Mar 2024
disclosed 1 Mar 2024
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 1 Mar 2024

CWE-352 Open this link in a new tab

How to fix?

Upgrade OctoPrint to version 1.8.3 or higher.

Overview

OctoPrint is a snappy web interface for your 3D printer

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). An admin user could be deceived into visiting a malicious website, which could then install harmful plugins on the OctoPrint server using the admin's login credentials.

References

GitHub Commit

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

Required

Scope (S)

Unchanged

Confidentiality (C)

None
Integrity (I)

Low
Availability (A)

None

Cross-site Request Forgery (CSRF) Affecting octoprint package, versions [,1.8.3)

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 1 Mar 2024

How to fix?

Overview

References

CVSS Scores

Snyk