Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OctoPrint vulnerable to possible file extraction via upload endpoints
Vulnerability Description
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
OctoPrint 安全漏洞
Vulnerability Description
OctoPrint是OctoPrint开源的一个应用程序。提供了一个快速的Web界面,用于控制消费类3D打印机。 OctoPrint 1.11.1及之前版本存在安全漏洞,该漏洞源于文件上传权限不当,可能导致文件泄露。
CVSS Information
N/A
Vulnerability Type
N/A