CVE-2018-4300
MEDIUM
CUPS < 2.2.10 - Unauthenticated Exposure of Sensitive Information via Weak Session Cookie
Title source: llm
Description
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.
References (3)
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/apple/cups/releases/tag/v2.2.10
Third Party Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107785
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/09/msg00028.html
Scores
CVSS v3
5.9
EPSS
0.0184
EPSS Percentile
76.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
apple/cups
< 2.2.10
Published
Apr 03, 2019
Tracked Since
Feb 18, 2026