Security Advisory

Corona Virus banner illustration – Microbiology And Virology Concept – by Mike Fouque

Normaly bugs can only be used for remote hacking if you publish the Repetier-Server to the internet. In all other cases it is only hackable from your local intranet, where only trusted persons should have access. If you publish Repetier-Server to the internet we strongly recommend to define user accounts in Repetier-Server. All security bugs below are only usable, when no users were defined.

CVE-2019-14450

Type
Directory traversal bug in printer creation

Solution
Upgrade to Repetier-Server 0.92.0 (27. July 2019) or higher.

Thanks to Ryan Wincey of Blizzard for reporting.

CVE-2019-14451

Type
Insufficient validation on printer configuration file upload

Solution
Upgrade to Repetier-Server 0.92.0 (27. July 2019) or higher.

Thanks to Ryan Wincey of Blizzard for reporting.