CVE-2022-2888: Insufficient Session Expiration
(updated )
If an attacker comes into the possession of a victim’s OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim’s account exists.
References
Detect and mitigate CVE-2022-2888 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →