VDB
CVE-2013-6891
CVE-2013-6891
PUBLISHED
CVSS 1.2000000476837158 LOW
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
EPSS 0.05% · 14.5th percentile
Risk Scores
CVSS 2.0
1.2000000476837158
EPSS Score
0.05%
14.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| apple | cups | 0, 1.7, 1.7.1 |
| n/a | n/a | n/a |
| canonical | ubuntu_linux | 13.10, 12.10, 13.04 |
Timeline
- Jan 26, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- http://advisories.mageia.org/MGASA-2014-0021.html url
- http://www.cups.org/blog.php?L704 url
- USN-2082-1 vendor-advisory
- MDVSA-2014:015 vendor-advisory
- 56531 third-party-advisory
- http://www.cups.org/str.php?L4319 url
- https://nvd.nist.gov/vuln/detail/CVE-2013-6891 advisory