SCA: security update for OctoPrint (GHSA-5626-pw9c-hmjr)

medium Tenable Cloud Security Plugin ID 410608

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a
vulnerability that allows malicious admins to change the password of other admin accounts, including their
own, without having to repeat their password. An attacker who managed to hijack an admin account might use
this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version
1.10.0. (CVE-2024-23637)

See Also

https://github.com/advisories/GHSA-5626-pw9c-hmjr

Plugin Details

Severity: Medium

ID: 410608

Version: Revision 1.3

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 8/20/2025

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:M/C:N/I:N/A:C

CVSS Score Source: CVE-2024-23637

CVSS v3

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 1/31/2024

Vulnerability Publication Date: 1/31/2024

Reference Information

CVE: CVE-2024-23637