ZDI-23-233: PaperCut NG SetupCompleted Improper Access Control Authentication Bypass Vulnerability
First published: Tue Mar 14 2023(Updated: )
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG. Authentication is not required to exploit this vulnerability.
| Affected Software | Affected Version | How to fix |
|---|---|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is ZDI-23-233?
ZDI-23-233 is a vulnerability in PaperCut NG that allows remote attackers to bypass authentication on affected installations.
How does the vulnerability in PaperCut NG work?
The vulnerability exists within the SetupCompleted class and is caused by improper access control.
What is the severity of ZDI-23-233?
The severity of ZDI-23-233 is critical, with a CVSS score of 9.8.
Which software is affected by ZDI-23-233?
PaperCut NG installations are affected by ZDI-23-233.
Is authentication required to exploit ZDI-23-233?
No, authentication is not required to exploit ZDI-23-233.
- collector/zdi-published
- alias/ZDI-CAN-18987
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-23-233
- alias/CVE-2023-27350
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/title
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/papercut
- canonical/papercut ng