Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OctoPrint Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
Vulnerability Description
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass authentication if the `autologinLocal` option is enabled in `config.yaml`: by spoofing their IP address via the `X-Forwarded-For` header, they are treated as local even when they come from networks that are not configured as `localNetworks`. If autologin is not enabled, this vulnerability has no impact. The vulnerability has been patched in version 1.10.1. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or make the instance inaccessible from potentially hostile networks such as the internet.
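The root cause described above is a client-address check that trusts `X-Forwarded-For` from any peer. The following is an added illustration written for this entry, not OctoPrint's own code or its 1.10.1 patch: it places a naive address resolver (the vulnerable pattern) beside a hardened one that only honours the header when the direct TCP peer is a configured reverse proxy, then applies the same `localNetworks` test to both. The function names, the `TRUSTED_PROXIES` setting and the sample networks are assumptions constructed for the example.

```python
import ipaddress
from typing import Iterable, Optional, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed sample settings (assumed for this example, not OctoPrint defaults).
LOCAL_NETWORKS = ["127.0.0.0/8", "::1/128", "192.168.1.0/24"]
TRUSTED_PROXIES = ["127.0.0.1"]  # reverse proxies whose X-Forwarded-For we accept


def _parse_ip(value: Optional[str]) -> Optional[IPAddr]:
    """Parse one address string; malformed input yields None instead of raising."""
    if value is None:
        return None
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def client_ip_naive(remote_addr: str, xff_header: Optional[str]) -> Optional[IPAddr]:
    """Vulnerable pattern: prefer whatever the client put in X-Forwarded-For.

    Any peer can send the header, so the 'client IP' is attacker-controlled.
    """
    if xff_header:
        first = _parse_ip(xff_header.split(",")[0])
        if first is not None:
            return first
    return _parse_ip(remote_addr)


def client_ip_hardened(remote_addr: str, xff_header: Optional[str],
                       trusted_proxies: Iterable[str]) -> Optional[IPAddr]:
    """Honour X-Forwarded-For only when the direct peer is a trusted proxy.

    Walks the header from the right, skipping trusted proxy hops, and returns
    the first untrusted hop (the address the outermost trusted proxy saw).
    Malformed entries fall back to the socket peer address.
    """
    peer = _parse_ip(remote_addr)
    trusted = {ipaddress.ip_address(p) for p in trusted_proxies}
    if peer is None or not xff_header or peer not in trusted:
        return peer  # header from an untrusted peer carries no weight
    for hop in reversed(xff_header.split(",")):
        ip = _parse_ip(hop)
        if ip is None:
            return peer
        if ip in trusted:
            continue
        return ip
    return peer  # every hop was one of our own proxies


def is_local(ip: Optional[IPAddr], local_networks: Iterable[str]) -> bool:
    """True if ip falls inside any configured local network (family-aware)."""
    if ip is None:
        return False
    nets = [ipaddress.ip_network(n, strict=False) for n in local_networks]
    return any(ip in net for net in nets)


def autologin_allowed(remote_addr: str, xff_header: Optional[str], *,
                      autologin_local: bool, hardened: bool = True,
                      local_networks: Iterable[str] = LOCAL_NETWORKS,
                      trusted_proxies: Iterable[str] = TRUSTED_PROXIES) -> bool:
    """Decide whether the autologin-for-local-networks shortcut applies."""
    if not autologin_local:
        return False  # without autologinLocal the header has no effect at all
    if hardened:
        ip = client_ip_hardened(remote_addr, xff_header, trusted_proxies)
    else:
        ip = client_ip_naive(remote_addr, xff_header)
    return is_local(ip, local_networks)


if __name__ == "__main__":
    # Constructed request: remote peer on a documentation range, spoofed header.
    spoofed = ("203.0.113.5", "127.0.0.1")
    print("naive   :", autologin_allowed(*spoofed, autologin_local=True, hardened=False))
    print("hardened:", autologin_allowed(*spoofed, autologin_local=True))
```

The check that matters is the `peer not in trusted` branch: a header arriving directly from an untrusted address is ignored, so the decision collapses to the real socket peer. When the instance sits behind a reverse proxy, `TRUSTED_PROXIES` must list that proxy, and the proxy must overwrite rather than append the client-supplied header, otherwise the rightmost-untrusted walk is the only thing preventing the same spoof one hop further out.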
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
Authentication Bypass by Spoofing
Vulnerability Title
OctoPrint Security Vulnerability
Vulnerability Description
OctoPrint is an application. It provides a fast web interface for controlling consumer 3D printers. OctoPrint versions before 1.10.0 contain a security vulnerability, which stems from an authentication bypass.
CVSS Information
N/A
Vulnerability Type
N/A