CVE-2022-2822: Improper Restriction of Excessive Authentication Attempts

August 15, 2022 (updated August 16, 2022)

An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.

References

github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de
huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d
nvd.nist.gov/vuln/detail/CVE-2022-2822

Code Behaviors & Features

Detect and mitigate CVE-2022-2822 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →