Bug 1131480 - (CVE-2018-4300) VUL-0: CVE-2018-4300: cups: Session cookie generated by the CUPS web interface is easy to guess
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P5 - None : Major
Assigned To: Johannes Meixner
Security Team bot
https://smash.suse.de/issue/212728/
CVSSv3:SUSE:CVE-2018-4300:8.1:(AV:N/...
Reported: 2019-04-04 06:40 UTC by Marcus Meissner
Modified: 2020-08-20 02:17 UTC

Found By: Security Response Team
Description Marcus Meissner 2019-04-04 06:40:42 UTC
rh#1695929

The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1695929
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4300
https://github.com/apple/cups/releases/tag/v2.2.10
Comment 1 Johannes Meixner 2019-04-04 07:38:51 UTC
And what about our bug#1115750 ?
Comment 2 Marcus Meissner 2019-04-04 09:07:22 UTC
It seems a typo duplicate of CVE-2018-4700. I filed a dup request with Mitre.
Comment 3 Johannes Meixner 2019-04-11 07:10:15 UTC
FYI:
CVE-2018-4300 versus CVE-2018-4700 confusion also at CUPS upstream:
https://github.com/apple/cups/issues/5561
Comment 4 Marcus Meissner 2019-04-11 12:28:22 UTC
This is the result of my query with Mitre, I think. Let's see what happens.