cups uses an easy-to-guess session cookie. This allows an attacker to guess the cookie value and gain access to the web interface.
www.securityfocus.com/bid/107785
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index
access.redhat.com/errata/RHSA-2020:1050
access.redhat.com/security/updates/classification/#moderate
github.com/apple/cups/releases/tag/v2.2.10
lists.debian.org/debian-lts-announce/2019/09/msg00028.html