CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
Max CVSS
7.2
EPSS Score
0.11%
Published
2012-11-20
Updated
2023-02-13
1 vulnerabilities found