CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
77.0%
The web interface in CUPS before 2.0 does not check that files have
world-readable permissions, which allows remote attackers to obtains
sensitive information via unspecified vectors.
Author | Note |
---|---|
mdeslaur | The patch below introduces a regression preventing the web interface from being able to read log files. (See comments in bug 4455.) |