CVE-2024-51493

CVSS v3 Score: 6.5 (Medium)

Vulnerability Description

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.10.2 contain a vulnerability that allows an attacker who has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve, recreate, or delete the user's API key or, if the victim has admin permissions, the global API key, without having to reauthenticate by re-entering the user account's password. An attacker could use a stolen API key to access OctoPrint through its API, or disrupt workflows depending on the API key they deleted. This vulnerability will be patched in version 1.10.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:6.5(Medium)

A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1...

CVSS:6.5(Medium)

A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300...

CVSS:6.5(Medium)

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows changing the login password without knowing the current password. ...

CVSS:6.8(Medium)

Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updatin...

CVSS:7.2(High)

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected s...

CVSS:7.5(High)

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.