Safety vulnerability ID: 71959
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of OctoPrint contain a vulnerability that allows an unauthenticated attacker to completely bypass authentication if the `autologinLocal` option is enabled in `config.yaml`. By spoofing their IP address via the `X-Forwarded-For` header, attackers can do this even when they connect from networks that are not configured as `localNetworks`. If autologin is not enabled, this vulnerability has no impact. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or make the instance inaccessible from potentially hostile networks like the internet.
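The following is an added example, not OctoPrint's code: it contrasts a client-IP resolver that believes `X-Forwarded-For` from any peer with one that honours the header only when the connection comes from a configured reverse proxy, and feeds each result into a local-network autologin check. All network ranges, addresses and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample configuration (assumptions, not OctoPrint defaults).
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]


def _in_any(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def naive_client_ip(peer_addr, xff):
    """Weak pattern: take the left-most X-Forwarded-For entry from any peer."""
    if xff:
        return xff.split(",")[0].strip()
    return peer_addr


def proxy_aware_client_ip(peer_addr, xff):
    """Hardened pattern: use the header only if the TCP peer is a trusted proxy,
    then walk it right to left and stop at the first hop that is not a proxy."""
    if not xff or not _in_any(peer_addr, TRUSTED_PROXIES):
        return peer_addr  # header from an untrusted peer is ignored
    client = peer_addr
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed chain: fail closed
        client = hop
        if not _in_any(hop, TRUSTED_PROXIES):
            break  # first address not appended by our own proxies
    return client


def autologin_allowed(client_ip):
    """Autologin applies only to a resolved address inside LOCAL_NETWORKS."""
    return client_ip is not None and _in_any(client_ip, LOCAL_NETWORKS)


if __name__ == "__main__":
    # Constructed requests: (TCP peer address, X-Forwarded-For header value).
    for peer, xff in [("203.0.113.7", "192.168.1.10"),
                      ("127.0.0.1", "192.168.1.10, 203.0.113.7"),
                      ("127.0.0.1", "192.168.1.10")]:
        print(peer, repr(xff),
              "naive:", autologin_allowed(naive_client_ip(peer, xff)),
              "proxy-aware:", autologin_allowed(proxy_aware_client_ip(peer, xff)))
```
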
Latest version: 1.10.3
The snappy web interface for your 3D printer