Home > Vulnerability Database > WS-2022-0249

Mend.io Vulnerability Database

WS-2022-0249

Good to know:

Date: June 30, 2022

An open-redirect vulnerability was discovered in In OctoPrint before 1.8.2. The redirect get variable in login page isn't properly checked. Currently, it check if url.scheme and url.netloc are empty using urllib, which does not handle all URL currently. An attacker could redirect a user to a malicious domain.

Language: Python

Severity Score

6.1

Related Resources (2)

Url: https://github.com/octoprint/octoprint/commit/dabdd40806e3409f134ab8e276f078e2a02d062b

Url: https://www.mend.io/vulnerability-database/WS-2022-0249

Severity Score

6.1

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version OctoPrint - 1.8.2

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2022-0249

Good to know:

Date: June 30, 2022

Language: Python

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?