Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-58060

Опубликовано: 11 сент. 2025
Источник: debian
EPSS Низкий

Описание

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
cupsfixed2.4.10-4package

Примечания

  • https://www.openwall.com/lists/oss-security/2025/09/11/1

  • Fixed by: https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221 (v2.4.13)

EPSS

Процентиль: 17%
0.00054
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-58060

CVSS3: 8
ubuntu
около 2 месяцев назад

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.

redhat логотип

CVE-2025-58060

CVSS3: 8
redhat
около 2 месяцев назад

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.

nvd логотип

CVE-2025-58060

CVSS3: 8
nvd
около 2 месяцев назад

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.

msrc логотип

CVE-2025-58060

CVSS3: 8
msrc
около 2 месяцев назад

cups has Authentication bypass with AuthType Negotiate

rocky логотип

RLSA-2025:15702

rocky
около 1 месяца назад

Important: cups security update

EPSS

Процентиль: 17%
0.00054
Низкий