Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-32360

Опубликовано: 06 дек. 2022
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.

A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.

Отчет

This vulnerability is classified as important according to Red Hat's Severity Rating Classification, as unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach. https://access.redhat.com/security/updates/classification

Меры по смягчению последствий

The user can either set 'PreserveJobFiles No' in cupsd.conf which will completely shut off the saving the job files, thereby preventing the attacker to get a file or restrict access in firewall and in cupsd to trusted users.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6cupsOut of support scope
Red Hat Enterprise Linux 7cupsFixedRHSA-2023:476628.08.2023
Red Hat Enterprise Linux 8cupsFixedRHSA-2023:486429.08.2023
Red Hat Enterprise Linux 8cupsFixedRHSA-2023:486429.08.2023
Red Hat Enterprise Linux 8.1 Update Services for SAP SolutionscupsFixedRHSA-2023:476528.08.2023
Red Hat Enterprise Linux 8.2 Advanced Update SupportcupsFixedRHSA-2023:477128.08.2023
Red Hat Enterprise Linux 8.2 Telecommunications Update ServicecupsFixedRHSA-2023:477128.08.2023
Red Hat Enterprise Linux 8.2 Update Services for SAP SolutionscupsFixedRHSA-2023:477128.08.2023
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportcupsFixedRHSA-2023:476828.08.2023
Red Hat Enterprise Linux 8.4 Telecommunications Update ServicecupsFixedRHSA-2023:476828.08.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2230495cups: Information leak through Cups-Get-Document operation

EPSS

Процентиль: 10%
0.00037
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-32360

CVSS3: 5.5
ubuntu
около 2 лет назад

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.

nvd логотип

CVE-2023-32360

CVSS3: 5.5
nvd
около 2 лет назад

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.

debian логотип

CVE-2023-32360

CVSS3: 5.5
debian
около 2 лет назад

An authentication issue was addressed with improved state management. ...

rocky логотип

RLSA-2023:4864

rocky
почти 2 года назад

Important: cups security update

rocky логотип

RLSA-2023:4838

rocky
почти 2 года назад

Important: cups security update

EPSS

Процентиль: 10%
0.00037
Низкий

6.5 Medium

CVSS3