Potential Exposure of Files on PaperCut NG/MF Servers via API Endpoint
CVE-2024-1221

3.1LOW

Key Information:

Vendor: Papercut
Status: Papercut Ng, Papercut Mf
Vendor: CVE Published:; 14 March 2024

Summary

This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.

Affected Version(s)

PaperCut NG, PaperCut MF MacOS 0

PaperCut NG, PaperCut MF MacOS 0 < 23.0.7

PaperCut NG, PaperCut MF MacOS 0 < 22.1.5

References

https://www.papercut.com/kb/Main/Security-Bulletin-March-...

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2024
Vulnerability Reserved
Feb 5, 2024