CVE-2008-5184

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2008-5184

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2008-5184.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2008-5184

Published

2008-11-21T02:30:00Z

Modified

2024-11-21T00:53:30Z

Summary

[none]

Details

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.

References

Affected packages

Debian:11 / cups

Package

Name: cups
Purl: pkg:deb/debian/cups?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cups

Package

Name: cups
Purl: pkg:deb/debian/cups?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cups

Package

Name: cups
Purl: pkg:deb/debian/cups?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}