CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
5.1%
CUPS before 2.0 allows local users to read arbitrary files via a symlink
attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5)
index.pyc, or (6) index.py.
Author | Note |
---|---|
mdeslaur | The patch below introduces a regression preventing the web interface from being able to read log files. (See comments in bug 4455.) |