CNNVD-202510-3229 Information
CNNVD ID
CNNVD-202510-3229
Related CVE
- CNNVD Published: 2025-10-23
Description (Chinese)
OctoPrint-SpoolManager是Wild Rikku个人开发者的一个用于管理spool及其使用元数据的插件。 OctoPrint-SpoolManager 1.8.0a2版本和1.7.7版本存在授权问题漏洞,该漏洞源于API未正确执行身份验证或授权检查。
Description (English)
OctoPrint-SpoolManager is a plugin for managing spool and its use of metadata for Wild Rikku personal developers. There is a loophole in the delegation of authority in the OctoPrint-SpoolManager versions 1.8.0a2 and 1.7.7, which stems from the fact that API did not properly perform authentication or authorization checks.
Hazard Level
Medium
Vulnerability Type
授权问题
Affected Vendor
个人开发者
Published
2025-10-23
Last Modified
2026-02-24
References
https://github.com/WildRikku/OctoPrint-SpoolManager/commit/b725e113316e177ce81238a2dbbbdb63d92c40b0 https://github.com/WildRikku/OctoPrint-SpoolManager/releases/tag/1.7.8 https://github.com/WildRikku/OctoPrint-SpoolManager/releases/tag/1.8.0a3 https://github.com/WildRikku/OctoPrint-SpoolManager/security/advisories/GHSA-2rrc-f24f-94f6
Patch
https://github.com/WildRikku/OctoPrint-SpoolManager/releases
Share on: