CVE-2024-23637

MEDIUM Year: 2024
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-287
View all →

Vulnerability Description

OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0.

Related Vulnerabilities

CVE-2018-4856

MEDIUM
CVSS:4.9(Medium)

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitim...

CWE-2872018

CVE-2019-14553

MEDIUM
CVSS:4.9(Medium)

Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.

CWE-2872019

CVE-2020-12035

MEDIUM
CVSS:4.9(Medium)

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibra...

CWE-2872020

CVE-2020-16239

MEDIUM
CVSS:4.9(Medium)

Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.

CWE-2872020

CVE-2020-4205

MEDIUM
CVSS:5.0(Medium)

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have bee...

CWE-2872020

CVE-2023-0264

MEDIUM
CVSS:5.0(Medium)

A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the sam...

CWE-2872023