CVE-2022-1430

7.5 HIGH

📋 TL;DR

This DOM-based XSS vulnerability in OctoPrint allows attackers to inject malicious scripts that execute in users' browsers when viewing manipulated content. It affects all OctoPrint instances prior to version 1.8.0. Attackers could steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • OctoPrint
Versions: All versions prior to 1.8.0
Operating Systems: Linux, Windows, macOS, Raspberry Pi OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all OctoPrint installations regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the OctoPrint instance, allowing an attacker to control 3D printers, steal credentials, or pivot to internal networks.

🟠 Likely Case

Session hijacking leading to unauthorized access to the OctoPrint interface and printer control.

🟢 If Mitigated

Limited impact with proper network segmentation and browser security controls.

🌐 Internet-Facing: HIGH - Web interface exposed to internet increases attack surface significantly.
🏢 Internal Only: MEDIUM - Still vulnerable to internal threats and compromised devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (clicking malicious link) but payloads are publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.0 and later

Vendor Advisory: https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045

Restart Required: Yes

Instructions:

1. Back up the current OctoPrint configuration.
2. Update via the OctoPrint web interface: Settings → Software Update → Check for updates.
3. Install version 1.8.0 or later.
4. Restart the OctoPrint service.

🔧 Temporary Workarounds

Content Security Policy (CSP) (platform: all)

Implement strict CSP headers to prevent script execution from untrusted sources.

Add to web server config: Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';

Note that the 'unsafe-inline' and 'unsafe-eval' source expressions keep inline scripts and eval-style sinks allowed, so this policy only blocks scripts loaded from other origins; it does not by itself stop an injected inline payload from running, and any tighter policy needs to be tested against the OctoPrint UI.

Network Isolation (platform: linux)

Restrict OctoPrint access to trusted networks only.

iptables -A INPUT -p tcp --dport 5000 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 5000 -j DROP

🧯 If You Can't Patch

  • Implement reverse proxy with WAF rules to filter malicious requests
  • Disable remote access and only allow local network connections

🔍 How to Verify

Check if Vulnerable:

Check OctoPrint version in web interface: Settings → About → Version. If version is below 1.8.0, system is vulnerable.

Check Version:

grep __version__ /path/to/octoprint/octoprint/__init__.py

Verify Fix Applied:

Verify version is 1.8.0 or higher and test XSS payloads no longer execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript execution in browser console
  • Suspicious URL parameters containing script tags

Network Indicators:

  • HTTP requests with script payloads in query parameters
  • Unusual outbound connections from OctoPrint server

SIEM Query:

source="octoprint.log" AND ("script" OR "javascript" OR "onerror" OR "onload")
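The network indicators above (script payloads in request query parameters) can be checked against a reverse proxy's access log. The following is an added example, not code from the CVE record or from OctoPrint; it assumes OctoPrint sits behind a reverse proxy that writes nginx-style combined access logs, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in nginx "combined" format from a reverse proxy in front of
# OctoPrint (assumption; these are not real OctoPrint logs).
SAMPLE_ACCESS_LOG = """\
192.0.2.10 - - [10/May/2022:12:00:01 +0000] "GET /api/version HTTP/1.1" 200 51 "-" "curl/7.68.0"
192.0.2.11 - - [10/May/2022:12:00:05 +0000] "GET /?msg=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
192.0.2.12 - - [10/May/2022:12:00:09 +0000] "GET /plugin/demo?x=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 300 "-" "Mozilla/5.0"
192.0.2.13 - - [10/May/2022:12:00:12 +0000] "GET /static/js/app/main.js?v=1.7.3 HTTP/1.1" 200 12000 "-" "Mozilla/5.0"
"""

# Fields needed from each line: client IP, request target (path + query) and status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Indicators applied to the fully URL-decoded target; named handlers only, to limit false positives.
XSS_PATTERNS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"\bon(error|load|click|mouseover|focus)\s*=", re.I),
    re.compile(r"<\s*(img|svg|iframe|body)\b", re.I),
]

def fully_decode(s, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads are normalised before matching."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def scan_access_log(text):
    """Return (client_ip, decoded_target, matched_pattern) for each suspicious request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than abort the scan
        target = fully_decode(m.group("target"))
        for pat in XSS_PATTERNS:
            if pat.search(target):
                hits.append((m.group("ip"), target, pat.pattern))
                break
    return hits

if __name__ == "__main__":
    for ip, target, pattern in scan_access_log(SAMPLE_ACCESS_LOG):
        print(f"{ip} requested {target!r} (matched /{pattern}/)")
```

A DOM-based XSS payload carried in the URL fragment is never sent to the server, so this only catches payloads in the path or query string; it complements, rather than replaces, updating to 1.8.0.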
