The `PaperCutNG Mobility Print` version 1.0.3512 application allows an
unauthenticated attacker to perform a CSRF attack on an instance
administrator to configure the clients host (in the "configure printer
discovery" section). This is possible because the application has no
protections against CSRF attacks, like Anti-CSRF tokens, header origin
validation, samesite cookies, etc.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/solveig/ | Exploit Third Party Advisory |
https://www.papercut.com/help/manuals/mobility-print/release-history/#mobility-print-server | Release Notes |
Configurations
Configuration 1 (hide)
AND |
|
History
22 Sep 2023, 18:32
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Apple
Papercut mobility Print Server Papercut Apple macos |
|
References | (MISC) https://www.papercut.com/help/manuals/mobility-print/release-history/#mobility-print-server - Release Notes | |
References | (MISC) https://fluidattacks.com/advisories/solveig/ - Exploit, Third Party Advisory | |
CPE | cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:a:papercut:mobility_print_server:1.0.3512:*:*:*:*:*:*:* |
|
CWE | CWE-352 |
20 Sep 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-20 16:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-2508
Mitre link : CVE-2023-2508
CVE.ORG link : CVE-2023-2508
JSON object : View
Products Affected
apple
- macos
papercut
- mobility_print_server
CWE
CWE-352
Cross-Site Request Forgery (CSRF)