PT-2021-19782 · Octoprint · Octoprint

Jakub Brzozowski

Published

2021-05-11

Updated

2022-05-24

CVE-2021-32560

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions OctoPrint versions prior to 1.6.0

Description The issue is related to incorrect access control in the Logging subsystem, which attempts to manage files that are not *.log files. This could potentially lead to unauthorized access or manipulation of files.

Recommendations For versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Logging subsystem until a patch is available.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2021-32560

GHSA-X9RQ-FJP5-QGM9

PYSEC-2021-29

Affected Products

Octoprint

PT-2021-19782 · Octoprint · Octoprint

CVE-2021-32560

Weakness Enumeration

Related Identifiers

Affected Products

References · 10