CVE-2018-4300

Sažetak

The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.

Reference

http://www.securityfocus.com/bid/107785
https://github.com/apple/cups/releases/tag/v2.2.10
https://lists.debian.org/debian-lts-announce/2019/09/msg00028.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

28-09-2019 - 12:15

Objavljeno

03-04-2019 - 18:29