Alpaquita Linux
Security Advisory

CVE-2018-4300

Published: August 31, 2023Last modified: August 31, 2023

Description

The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.

Severity score breakdown

ParameterValue
Base score5.9
Attack VectorNETWORK
Attack complexityHIGH
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactNONE
Availability impactNONE
VectorCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTScupsNot affected (2.4.2-r4)
StreamcupsNot affected (2.4.6-r0)

References

ON THIS PAGE