API security news
Main / CVE-2022-2888
CVE-2022-2888
Discription

If an attacker comes into the possession of a victim’s OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim’s account exists.Read More

References

https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629

Back to Main
Share

Twitter

Facebook
Subscribe for the latest news:

    • ID: CVE-2022-2888
    • Type: cve
    • Reporter: security@huntr.dev
    • Modified: 2022-09-21 12:55:00
    CWE-613

    Categories

    • API Security
    • API
    • Bugbounty
    • CVE
    • GraphQL
    • gRPC
    • JSON-RPC
    • JSON Web Token
    • OAuth
    • SOAP
    • WebSocket
    • With threat indicators
    • WSDL
    • XML-RPC

    Gold sponsor:

    Wallarm logo
    Become a sponsor API-security.blog