CVE-2024-28237

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Mar 18, 2024
Updated: Jan 8, 2025
CWE ID 79

Summary

CVE-2024-28237 is a vulnerability affecting versions up to and including 1.9.3 of OctoPrint, a popular web interface for controlling consumer 3D printers. This issue allows malicious administrators to manipulate victims with administrator rights into testing a crafted webcam snapshot URL. Upon attempting to render the snapshot image, the victims' browsers execute JavaScript code, enabling attackers to retrieve or modify sensitive configuration settings, interrupt prints, or interact with the OctoPrint instance maliciously. OctoPrint users are strongly urged to update to version 1.10.0rc3 and exercise caution when granting admin access to ensure the security of their installations.
