CVE-2022-2888 MEDIUM

CVE-2022-2888: Insufficient Session Expiration in octoprint/octoprint

Vendor: Octoprint
Product: octoprint/octoprint
Weakness: CWE-613 · Insufficient session expiration
Published: September 21, 2022
Last update: May 28, 2025

CVSS base score

4.4/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

If an attacker obtains a victim's OctoPrint session cookie by any means, the attacker can use that cookie to authenticate for as long as the victim's account exists.

Key dates

02 Disclosure timeline

September 21, 2022: CVE published
May 28, 2025: Record updated