Moderate severityNVD Advisory· Published Sep 21, 2022· Updated May 28, 2025
Insufficient Session Expiration in octoprint/octoprint
CVE-2022-2888
Description
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
OctoPrintPyPI | < 1.8.3 | 1.8.3 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-937f-qh3w-6g87ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-2888ghsaADVISORY
- github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4ghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yamlghsaWEB
- huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.