CVE-2018-4300

CWE-200 — Information Exposure CWE-330 CWE-3849 documents8 sources

Severity

5.9MEDIUM

EPSS

0.4%

top 40.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups

Timeline

PublishedApr 3

Latest updateMay 13

Description

The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶NVDapple/cups< 2.2.10

▶Debiancups< 2.2.10-1+3

▶CVEListV5cupsVersions prior to: v2.2.10

🔴Vulnerability Details

GHSA

GHSA-7w9x-rg6m-2fh9: The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the↗2022-05-13

▶

CVEList

CVE-2018-4300: The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the↗2019-04-03

▶

OSV

CVE-2018-4300: The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the↗2019-04-03

▶

📋Vendor Advisories

Red Hat

cups: Session cookie generated by the CUPS web interface is easy to guess↗2019-04-03

▶

Red Hat

cups: Predictable session cookie breaks CSRF protection↗2018-12-07

▶

CVE-2018-5507: On F5 BIG-IP versions 13↗2018-04-13

▶

Debian

CVE-2018-4300: cups - The session cookie generated by the CUPS web interface was easy to guess on Linu...↗2018

▶

💬Community

Bugzilla

CVE-2018-4300 cups: Session cookie generated by the CUPS web interface is easy to guess↗2019-04-03

▶