OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HOctoprint
APPOctoprint≤ 1.3.9
Related vulnerabilities
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and inclu...
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and inclu...
Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.
Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.
An attacker can freely brute force username and password and can takeover any account. An attacker could easil...