CVE-2008-1033 — Apple Cups vulnerability

CWE-2647 documents7 sources

Severity

2.1LOWNVD

EPSS

0.2%

top 57.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups

Timeline

PublishedJun 2

Latest updateMay 1

Description

The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶Debianapple/cups< 1.3.7-1+3

🔴Vulnerability Details

GHSA

GHSA-mjfh-xcvw-r3vp: The scheduler in CUPS in Apple Mac OS X 10↗2022-05-01

▶

CVEList

CVE-2008-1033: The scheduler in CUPS in Apple Mac OS X 10↗2008-06-02

▶

OSV

CVE-2008-1033: The scheduler in CUPS in Apple Mac OS X 10↗2008-06-02

▶

📋Vendor Advisories

Red Hat

cups: password disclosure via debug log↗2008-05-28

▶

Debian

CVE-2008-1033: cups - The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging i...↗2008

▶

💬Community

Bugzilla

CVE-2008-1033 cups: password disclosure via debug log↗2008-06-03

▶