{"id":"PYSEC-2022-282","details":"If an attacker obtains a victim's OctoPrint session cookie by any means, the attacker can use that cookie to authenticate for as long as the victim's account exists.","aliases":["CVE-2022-2888","GHSA-937f-qh3w-6g87"],"modified":"2023-11-01T04:58:38.116938Z","published":"2022-09-21T12:15:00Z","references":[{"type":"FIX","url":"https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"},{"type":"WEB","url":"https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"}],"affected":[{"package":{"name":"octoprint","ecosystem":"PyPI","purl":"pkg:pypi/octoprint"},"ranges":[{"type":"GIT","repo":"https://github.com/octoprint/octoprint","events":[{"introduced":"0"},{"fixed":"40e6217ac1a85cc5ed592873ae49db01d3005da4"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.3"}]}],"versions":["1.3.11","1.3.12","1.3.12rc1","1.3.12rc3","1.4.0","1.4.0rc1","1.4.0rc2","1.4.0rc3","1.4.0rc4","1.4.0rc5","1.4.0rc6","1.4.1","1.4.1rc1","1.4.1rc2","1.4.1rc3","1.4.1rc4","1.4.2","1.5.0","1.5.0rc1","1.5.0rc2","1.5.0rc3","1.5.1","1.5.2","1.5.3","1.6.0","1.6.0rc1","1.6.0rc2","1.6.0rc3","1.6.1","1.7.0","1.7.0rc1","1.7.0rc2","1.7.0rc3","1.7.1","1.7.2","1.7.3","1.8.0","1.8.0rc1","1.8.0rc2","1.8.0rc3","1.8.0rc4","1.8.0rc5","1.8.1","1.8.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/octoprint/PYSEC-2022-282.yaml"}}],"schema_version":"1.7.3"}