Cross site request forgery (csrf)

2008-11-2102:30:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.2%

JSON

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.

CPENameOperatorVersion
cupseq1.1.20
cupseq1.1.5-2
cupseq1.1.14
cupseq1.3 rc2
cupseq1.1.6-1
cupseq1.1.18
cupseq1.1.12
cupsle1.3.7
cupseq1.1.5-1
cupseq1.3.3