CVE-2024-51493

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 5, 2024
Updated: Nov 6, 2024
CWE ID 620

Summary

CVE-2024-51493 affects OctoPrint, a web interface for controlling consumer 3D printers. The vulnerability, present in versions up to and including 1.10.2, allows an attacker to gain unauthorized access to or manipulate API keys during an authenticated session, without requiring re-entry of passwords. An attacker could use a stolen API key to control OctoPrint through its API or disrupt workflows by deleting keys. Version 1.10.3 will address this issue, and users are strongly encouraged to upgrade as soon as possible. Currently, there are no known workarounds for this vulnerability.
