Vulnerability Database

296,760

Total vulnerabilities in the database

CVE-2022-2888

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.

Published: Sep 21, 2022
Updated: May 9, 2024
CVE: CVE-2022-2888
GHSA: GHSA-937f-qh3w-6g87
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-613

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
octoprint / octoprint	-	1.8.3
OctoPrint	-	1.8.3

https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml
https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo