If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
                
            References
                    | Link | Resource | 
|---|---|
| https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4 | Patch Third Party Advisory | 
| https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629 | Exploit Patch Third Party Advisory | 
| https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4 | Patch Third Party Advisory | 
| https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629 | Exploit Patch Third Party Advisory | 
Configurations
                    History
                    21 Nov 2024, 07:01
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2022-09-21 12:15
Updated : 2024-11-21 07:01
NVD link : CVE-2022-2888
Mitre link : CVE-2022-2888
CVE.ORG link : CVE-2022-2888
JSON object : View
Products Affected
                octoprint
- octoprint
CWE
                
                    
                        
                        CWE-613
                        
            Insufficient Session Expiration
