CVE-2024-51493

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 5, 2024

Updated: Nov 6, 2024

CWE ID 620

Summary

CVE-2024-51493 affects OctoPrint, a web interface for controlling consumer 3D printers. The vulnerability, present in versions up to and including 1.10.2, allows an attacker to gain unauthorized access to or manipulate API keys during an authenticated session, without requiring re-entry of passwords. An attacker could use a stolen API key to control OctoPrint through its API or disrupt workflows by deleting keys. Version 1.10.3 will address this issue, and users are strongly encouraged to upgrade as soon as possible. Currently, there are no known workarounds for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OctoPrint

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/z8WGky
https://www.cve.org/CVERecord?id=CVE-2024-51493
https://nvd.nist.gov/vuln/detail/CVE-2024-51493

Back to Vulnerability Database

CVE-2024-51493

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations