漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OctoPrint-SpoolManager Plugin APIs do not enforce authentication
Vulnerability Description
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks. This issue has been patched in versions 1.8.0a3 of the testing branch and 1.7.8 of the stable branch. The impact of this vulnerability is greatly reduced when using OctoPrint version 1.11.2 and newer.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
OctoPrint-SpoolManager 授权问题漏洞
Vulnerability Description
OctoPrint-SpoolManager是Wild Rikku个人开发者的一个用于管理spool及其使用元数据的插件。 OctoPrint-SpoolManager 1.8.0a2版本和1.7.7版本存在授权问题漏洞,该漏洞源于API未正确执行身份验证或授权检查。
CVSS Information
N/A
Vulnerability Type
N/A