ROSA LABROSA-SA-2021-1816Advisory ROSA-SA-2021-1816
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
6.9 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.016 Low
EPSS
Percentile
87.3%
Software: cups 1.6.3
OS: Cobalt 7.9
CVE-ID: CVE-2013-6891
CVE-Crit: HIGH
CVE-DESC: lppasswd in CUPS before 1.7.1 when run with setuid privileges allows local users to read parts of arbitrary files via modified HOME environment variable and symbolic link attack using .cups / client.conf.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2017-18248
CVE-Crit: MEDIUM
CVE-DESC: The add_job function in scheduler / ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be reset by remote attackers by sending print jobs with an invalid user name associated with a D-Bus notification. .
CVE-STATUS: Default
CVE-REV: Default
CVE-ID: CVE-2018-4300
CVE-Crit: MEDIUM
CVE-DESC: A session cookie generated by the CUPS web interface was easily guessed on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.
CVE-STATUS: default
CVE-REV: default
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
6.9 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.016 Low
EPSS
Percentile
87.3%