CVE-2004-0923 — Software Products Cups vulnerability

7 documents7 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 72.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Apple MAC OS X Apple MAC OS X Server +1 more

Timeline

PublishedJan 27

Latest updateApr 29

Description

CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages4 packages

▶Debianapple/cups< 1.1.20final+rc1-9+3

▶NVDeasy_software_products/cups21 versions+20

▶NVDapple/mac_os_x15 versions+14

▶NVDapple/mac_os_x_server15 versions+14

Patches

Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-5vjf-3cwc-4r7f: CUPS 1↗2022-04-29

▶

OSV

CVE-2004-0923: CUPS 1↗2005-01-27

▶

CVEList

CVE-2004-0923: CUPS 1↗2004-10-26

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-09-30

▶

Debian

CVE-2004-0923: cups - CUPS 1.1.20 and earlier records authentication information for a device URI in t...↗2004

▶

💬Community

Bugzilla

CVE-2004-0923 security flaw↗2018-08-16

▶