CVE-2018-4300: Infoleak
First published: Wed Apr 03 2019(Updated: )
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Cups | <2.2.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2018-4300.
What is the severity level of CVE-2018-4300?
The severity level of CVE-2018-4300 is medium.
What is the description of CVE-2018-4300?
CVE-2018-4300 is a security vulnerability in the CUPS web interface on Linux that allowed unauthorized scripted access when the web interface is enabled.
Which versions of CUPS are affected by CVE-2018-4300?
Versions prior to v2.2.10 of CUPS are affected by CVE-2018-4300.
How can I fix the CVE-2018-4300 vulnerability?
To fix the CVE-2018-4300 vulnerability, users should update to version 2.2.10 or later of CUPS.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/apple
- canonical/apple cups