The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2008-11-21T02:00:00

Updated: 2024-08-07T10:40:17.249Z

Reserved: 2008-11-20T00:00:00

Link: CVE-2008-5184

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2008-11-21T02:30:00.467

Modified: 2024-11-21T00:53:30.103

Link: CVE-2008-5184

cve-icon Redhat

Severity : Moderate

Publid Date: 2008-03-27T00:00:00Z

Links: CVE-2008-5184 - Bugzilla