Your submission was sent successfully! Close

CVE-2018-4300

Published: 3 April 2019

The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
cups
Launchpad, Ubuntu, Debian
bionic
Released (2.2.7-1ubuntu2.2)
cosmic
Released (2.2.8-5ubuntu1.1)
focal Not vulnerable
(2.3.1-9ubuntu1.1)
precise Does not exist

trusty Does not exist

upstream
Released (2.2.10-1)
xenial
Released (2.1.3-4ubuntu0.6)

Notes

AuthorNote
mdeslaur
Updates for this issue were originally assigned CVE-2018-4700,
which was a typo and got rejected.

References

Bugs