First published: Tue May 11 2021
The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Octoprint Octoprint | <1.6.0 | |
pip/octoprint | <1.6.0 | 1.6.0 |
CVE-2021-32560 is a vulnerability in OctoPrint before 1.6.0 that has incorrect access control in its Logging subsystem.
CVE-2021-32560 has a severity rating of 6.5, which is considered medium severity.
OctoPrint versions before 1.6.0 are affected by CVE-2021-32560.
To fix CVE-2021-32560, upgrade to OctoPrint version 1.6.0 or later.
More information about CVE-2021-32560 can be found in the references: [GitHub](https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0), [OctoPrint Blog](https://octoprint.org/blog/2021/04/27/new-release-1.6.0/), [Brzozowski.io](https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html).