PT-2022-19196 · Octoprint · Octoprint
Published 2022-09-21 · Updated 2022-09-23
CVE-2022-2872
CVSS v3.1: 3.7 Low
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OctoPrint versions prior to 1.8.3
Description
The issue is related to the unrestricted upload of files with dangerous types. Due to a misconfiguration in the move file functionality, an attacker could change the file extension of an uploaded malicious file disguised as a .gcode file.
Recommendations
For versions prior to 1.8.3, update to version 1.8.3 to resolve the issue. As a temporary workaround, consider restricting the upload functionality to prevent malicious file uploads until the patch is applied.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Octoprint