Published: 03 April 2019
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.
CVSS 3 base score: 5.9
Launchpad, Ubuntu, Debian
|Ubuntu 20.04 LTS (Focal Fossa)||
|Ubuntu 18.04 LTS (Bionic Beaver)||
|Ubuntu 16.04 ESM (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)||
Does not exist
Upstream: https://github.com/apple/cups/commit/feb4c62b211bfbd78dc10d737d873439ccdfa58c (2.2.10)
Upstream: https://github.com/apple/cups/commit/b9ff93ce913ff633a3f667317e5a81fa7fe0d5d3 (2.3b6)
Updates for this issue were originally assigned CVE-2018-4700, which was a typo and got rejected.