Lucene search

PaperCutVULNRICHMENT:CVE-2024-1221

HistoryMar 14, 2024 - 3:01 a.m.

CVE-2024-1221 Improper access controls on APIs on Linux and macOS in PaperCut NG/MF

2024-03-1403:01:05

CWE-76

PaperCut

github.com

cve-2024-1221

improper access controls

papercut ng/mf

linux

macos

server files

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.

References

www.papercut.com/kb/Main/Security-Bulletin-March-2024

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-1221