OctoPrint File Exfiltration Vulnerability in Upload Endpoints

Vulnerability

A file exfiltration vulnerability has been identified in OctoPrint versions prior to 1.11.2. It allows an attacker holding the FILE_UPLOAD permission to access and download any file on the host system that OctoPrint itself can read. The flaw lies in the upload functionality: host files can be moved (not copied) into the upload folder and then downloaded through the normal file download path. This risks leaking sensitive information from OctoPrint's configuration or other system files, and, because the source file is moved rather than copied, it can also disrupt the host's availability by removing critical runtime files.

Impact

Exploitation of this vulnerability could lead to unauthorized access to files on the host system, including sensitive configuration data or other system files. Such actions could also disrupt the availability of the host by removing important runtime files.

Reproduction

To reproduce this vulnerability, an authenticated user with the FILE_UPLOAD permission uploads a file through one of the affected endpoints using a crafted HTTP request that includes form inputs meant to be internal-only, bypassing the normal file upload restrictions. The referenced host file is moved into the upload folder, from where it can be downloaded.
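
The defect class described above, as an added illustration that is not OctoPrint's code: a hypothetical upload handler whose framework stages the uploaded bytes to a temp file and records the path in internal form fields (assumed names `file.path` and `file.name`). The vulnerable version merges client form data with those fields, so a client-supplied `file.path` is moved into the upload folder; the hardened version rejects client-supplied internal fields and only moves files the server staged under its own staging directory.

```python
import os
import shutil
import tempfile

# Hypothetical model of the upload flow (not OctoPrint's own code): the web
# framework stages the upload to a temp file and records it in the internal
# form fields "file.path" / "file.name"; a later step moves it into uploads.
INTERNAL_FIELDS = {"file.path", "file.name"}


def vulnerable_move(form: dict, upload_dir: str) -> str:
    """Trusts internal fields from the merged form, so a client-supplied
    'file.path' naming any readable host file gets moved into upload_dir."""
    dst = os.path.join(upload_dir, os.path.basename(form["file.name"]))
    shutil.move(form["file.path"], dst)
    return dst


def hardened_move(client_form: dict, staged: dict, staging_dir: str, upload_dir: str) -> str:
    """Ignores client-supplied internal fields and moves only files that the
    server staged itself, after checking they resolve under staging_dir."""
    if INTERNAL_FIELDS & set(client_form):
        raise ValueError("internal-only form fields supplied by client")
    src = os.path.realpath(staged["file.path"])          # resolves symlinks
    root = os.path.realpath(staging_dir)
    if os.path.commonpath([src, root]) != root:
        raise ValueError("staged file is outside the staging directory")
    dst = os.path.join(upload_dir, os.path.basename(staged["file.name"]))
    shutil.move(src, dst)
    return dst


def demo() -> dict:
    """Runs both handlers against a constructed sensitive file and a
    legitimately staged upload inside a throwaway directory tree."""
    base = tempfile.mkdtemp()
    staging, uploads = os.path.join(base, "staging"), os.path.join(base, "uploads")
    os.makedirs(staging); os.makedirs(uploads)
    secret = os.path.join(base, "config.yaml")           # constructed stand-in for a host file
    with open(secret, "w") as f:
        f.write("api_key: EXAMPLE-ONLY\n")
    crafted = {"file.path": secret, "file.name": "loot.gcode"}
    exfiltrated = os.path.exists(vulnerable_move(crafted, uploads))  # secret now in uploads
    try:
        hardened_move(crafted, {}, staging, uploads); blocked = False
    except ValueError:
        blocked = True
    staged_path = os.path.join(staging, "tmpupload")
    with open(staged_path, "w") as f:
        f.write("G28\n")
    legit = os.path.exists(hardened_move({}, {"file.path": staged_path, "file.name": "print.gcode"}, staging, uploads))
    shutil.rmtree(base)
    return {"vulnerable_exfiltrated": exfiltrated, "hardened_blocked": blocked, "hardened_legit_ok": legit}
```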

Remediation

Upgrade to OctoPrint version 1.11.2, in which this vulnerability has been patched.

Added: Jun 10, 2025, 5:21 PM
Updated: Jun 10, 2025, 5:21 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 5.0
exploitability: 4.5
remediation: 7.7
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.