Session Cookie Vulnerability in CUPS Web Interface on Linux
CVE-2018-4300

5.9MEDIUM

Key Information:

Vendor: Apple
Status: Cups
Vendor: CVE Published:; 3 April 2019

What is CVE-2018-4300?

The CUPS web interface on Linux was found to have a vulnerability related to its session cookie generation. This flaw allowed for easy guessing of session cookies, potentially granting unauthorized scripted access to the web interface when it is enabled. This issue affects versions prior to v2.2.10, highlighting the necessity for users to update their installations to mitigate potential security risks.

Affected Version(s)

CUPS Versions prior to: v2.2.10

References

https://github.com/apple/cups/releases/tag/v2.2.10

x_refsource_MISC

http://www.securityfocus.com/bid/107785

vdb-entryx_refsource_BID

https://lists.debian.org/debian-lts-announce/2019/09/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2019
Vulnerability Reserved
Jan 2, 2018

Apple

What is CVE-2018-4300?

Affected Version(s)

References

CVSS V3.1

Timeline