Описание
[REJECTED CVE] A predictable session cookie vulnerability was identified in the CUPS printing server. Insufficient randomness in session cookie generation made it easy to guess, undermining CSRF protection. This flaw allowed unauthorized scripted access to the CUPS web interface when enabled, posing a risk of unauthorized control or configuration of the printing server.
Отчет
This vulnerability was originally assigned CVE-2018-4700, but after the publication of security errata the identifier was changed to CVE-2018-4300. Both identifiers refer to the same vulnerability. Since some sources use CVE-2018-4700 and others use CVE-2018-4300, Red Hat security advisories for this vulnerability have been amended to include both identifiers.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | cups | Will not fix | ||
| Red Hat Enterprise Linux 6 | cups | Will not fix | ||
| Red Hat Enterprise Linux 8 | cups | Not affected | ||
| Red Hat Virtualization 4 | redhat-virtualization-host | Not affected | ||
| Red Hat Enterprise Linux 7 | cups | Fixed | RHSA-2020:1050 | 31.03.2020 |
Показывать по
Дополнительная информация
Статус:
7.3 High
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
7.3 High
CVSS3