Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OctoPrint-SpoolManager Plugin APIs do not enforce authentication
Vulnerability Description
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks. This issue has been patched in versions 1.8.0a3 of the testing branch and 1.7.8 of the stable branch. The impact of this vulnerability is greatly reduced when using OctoPrint version 1.11.2 and newer.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
OctoPrint-SpoolManager 授权问题漏洞
Vulnerability Description
OctoPrint-SpoolManager是Wild Rikku个人开发者的一个用于管理spool及其使用元数据的插件。 OctoPrint-SpoolManager 1.8.0a2版本和1.7.7版本存在授权问题漏洞,该漏洞源于API未正确执行身份验证或授权检查。
CVSS Information
N/A
Vulnerability Type
N/A