CVE-2022-3607 - OpenCVE

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Octoprint	Octoprint

Configuration 1 [-]

cpe:2.3:a:octoprint:octoprint:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e	Patch Third Party Advisory
https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-10-19T00:00:00

Updated: 2022-10-19T00:00:00

Reserved: 2022-10-19T00:00:00

Link: CVE-2022-3607

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-10-19T13:15:08.840

Modified: 2022-10-20T19:33:53.910

Link: CVE-2022-3607

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:octoprint:octoprint:*:*:*:*:*:*:*:*", "matchCriteriaId": "900F81F7-9FC4-44CE-ABD6-1E82DC120B4B", "versionEndExcluding": "1.8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3."}, {"lang": "es", "value": "Un Fallo en el Saneo de Elementos Especiales en un Plano Diferente (Inyecci\u00f3n de Elementos Especiales) en el repositorio de GitHub octoprint/octoprint versiones anteriores a 1.8.3"}], "id": "CVE-2022-3607", "lastModified": "2022-10-20T19:33:53.910", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-19T13:15:08.840", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-75"}], "source": "security@huntr.dev", "type": "Secondary"}]}