ALAS-2014-438 ---- cupsID: oval:org.secpod.oval:def:1600019 | Date: (C)2016-01-19 (M)2023-02-20 |
Class: PATCH | Family: unix |
A cross-site scripting flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the "lp" group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system
Platform: |
Amazon Linux AMI |