Описание
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.
Отчет
This vulnerability was originally assigned CVE-2018-4700, but after the publication of security errata the identifier was changed to CVE-2018-4300. Both identifiers refer to the same vulnerability. Since some sources use CVE-2018-4700 and others use CVE-2018-4300, Red Hat security advisories for this vulnerability have been amended to include both identifiers.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | cups | Will not fix | ||
| Red Hat Enterprise Linux 6 | cups | Will not fix | ||
| Red Hat Enterprise Linux 8 | cups | Not affected | ||
| Red Hat Virtualization 4 | redhat-virtualization-host | Not affected | ||
| Red Hat Enterprise Linux 7 | cups | Fixed | RHSA-2020:1050 | 31.03.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.3 High
CVSS3
Связанные уязвимости
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.
The session cookie generated by the CUPS web interface was easy to gue ...
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.
Уязвимость веб-интерфейса сервера печати CUPS, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
7.3 High
CVSS3