CVE-2018-4300

MEDIUM

CUPS < 2.2.10 - Unauthenticated Exposure of Sensitive Information via Weak Session Cookie

Title source: llm

Description

The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.

References (3)

Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/apple/cups/releases/tag/v2.2.10
Third Party Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107785
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/09/msg00028.html

Scores

CVSS v3 5.9
EPSS 0.0184
EPSS Percentile 76.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-200
Status published
Products (1)
apple/cups < 2.2.10
Published Apr 03, 2019
Tracked Since Feb 18, 2026