CVE-2018-16710

Published: Sep 7, 2018Modified: Nov 21, 2024

9.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough.

Affected (1)

Products: Octoprint: Octoprint

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Octoprint Octoprint	Up to 1.3.9

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://github.com/foosel/OctoPrint/issues/2814

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/foosel/OctoPrint/issues/2814

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.