Unverified Password Change
CVE-2022-2930
Summary
The package octoprint prior to 1.8.3 is vulnerable to Unverified Password Change.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-620 - Unverified Password Change
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
References
Advisory Timeline
- Published
