Home > Vulnerability Database > CVE-2024-23637

Mend.io Vulnerability Database

CVE-2024-23637

Good to know:

Date: January 31, 2024

OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0.

Language: Python

Severity Score

4.9

Related Resources (5)

Url: https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-23637

Url: https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr

Url: https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1

Url: https://www.mend.io/vulnerability-database/CVE-2024-23637

Severity Score

4.9

Weakness Type (CWE)

Authentication Issues

CWE-287

Unverified Password Change

CWE-620

Top Fix

Upgrade Version

Upgrade to version OctoPrint - 1.10.0

Learn More

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-23637

Good to know:

Date: January 31, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?