CVE-2022-2872 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.4 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
@huntrdev	CNA	3.7 LOW	NETWORK	HIGH	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Vendor	Product	Version
octoprint	octoprint	𝑥 < 1.8.3

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-434 - Unrestricted Upload of File with Dangerous Type
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

References

https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0

https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56

https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0

https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56