1. Home
  2. CVE Database
  3. CVE-2024-51493
MEDIUM · 5.3

CVE-2024-51493

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary cont...

Vulnerability Description

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's or - if the victim has admin permissions - the global API key without having to reauthenticate by re-entering the user account's password. An attacker could use a stolen API key to access OctoPrint through its API, or disrupt workflows depending on the API key they deleted. This vulnerability will be patched in version 1.10.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
OctoprintOctoprint< 1.10.3

Related Weaknesses (CWE)

CWE-306CWE-620

References

FAQ

What is CVE-2024-51493?

CVE-2024-51493 is a vulnerability with a CVSS score of 5.3 (MEDIUM). OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary cont...

How severe is CVE-2024-51493?

CVE-2024-51493 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-51493?

Check the references section above for vendor advisories and patch information. Affected products include: Octoprint Octoprint.