What is CVE-2023-41047?

CVE-2023-41047 is a vulnerability in OctoPrint versions up until and including 1.9.2 that allows malicious admins to execute code during rendering of GCODE scripts.

How does CVE-2023-41047 impact OctoPrint?

CVE-2023-41047 allows malicious admins to configure a specially crafted GCODE script through the Settings, resulting in code execution during rendering.

What is the severity of CVE-2023-41047?

CVE-2023-41047 has a severity rating of medium, with a CVSS score of 6.2.

Is CVE-2023-41047 fixed in OctoPrint?

Yes, CVE-2023-41047 is fixed in OctoPrint version 1.9.3.

How can I fix CVE-2023-41047 in OctoPrint?

To fix CVE-2023-41047, update your OctoPrint installation to version 1.9.3 or later.

Vulnerability/
CVE-2023-41047

medium

6.5

CWE

1336

9/10/2023

10/10/2023

8/11/2023

CVE-2023-41047

First published: Mon Oct 09 2023(Updated: )

OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties.

Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
Octoprint Octoprint	<1.9.3
pip/OctoPrint	<1.9.3	1.9.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-41047?
CVE-2023-41047 is a vulnerability in OctoPrint versions up until and including 1.9.2 that allows malicious admins to execute code during rendering of GCODE scripts.
How does CVE-2023-41047 impact OctoPrint?
CVE-2023-41047 allows malicious admins to configure a specially crafted GCODE script through the Settings, resulting in code execution during rendering.
What is the severity of CVE-2023-41047?
CVE-2023-41047 has a severity rating of medium, with a CVSS score of 6.2.
Is CVE-2023-41047 fixed in OctoPrint?
Yes, CVE-2023-41047 is fixed in OctoPrint version 1.9.3.
How can I fix CVE-2023-41047 in OctoPrint?
To fix CVE-2023-41047, update your OctoPrint installation to version 1.9.3 or later.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/github-advisory
alias/GHSA-fwfg-vprh-97ph
alias/CVE-2023-41047
collector/github-advisory-latest
collector/nvd-api
collector/nvd-cve
collector/nvd-index
package-manager/pip
vendor/octoprint
canonical/octoprint octoprint

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.