Bug 1131480 (CVE-2018-4300)

Summary: VUL-0: CVE-2018-4300: cups: Session cookie generated by the CUPS web interface is easy to guess
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Johannes Meixner <jsmeix>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P5 - None CC: meissner, roger.whittaker, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/212728/
Whiteboard: CVSSv3:SUSE:CVE-2018-4300:8.1:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2019-04-04 06:40:42 UTC
rh#1695929

The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.

References:

https://github.com/apple/cups/releases/tag/v2.2.10

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1695929
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4300
https://github.com/apple/cups/releases/tag/v2.2.10
Comment 1 Johannes Meixner 2019-04-04 07:38:51 UTC
And what about our bug#1115750 ?
Comment 2 Marcus Meissner 2019-04-04 09:07:22 UTC
It seems a typo duplicate of CVE-2018-4700. I filed a dup request with Mitre.
Comment 3 Johannes Meixner 2019-04-11 07:10:15 UTC
FYI:
CVE-2018-4300 versus CVE-2018-4700 confusion also at CUPS upstream:
https://github.com/apple/cups/issues/5561
Comment 4 Marcus Meissner 2019-04-11 12:28:22 UTC
This is the result of my query with Mitre I think. lets see what happens.