An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NOctoprint
APPOctoprint< 1.9.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2018-16710CRITICAL9.1ten sam produkt
OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service v...
CVE-2025-58180HIGH7.5ten sam produkt
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and inclu...
CVE-2024-32977HIGH7.1ten sam produkt
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and inclu...
CVE-2022-3068HIGH8.8ten sam produkt
Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.
CVE-2022-2930HIGH7.8ten sam produkt
Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.