OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in authentication bypass. Any configuration that allows an AuthType that is not Basic is affected. Version 2.4.13 fixes the issue.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cups | Openprinting | * | 2.4.13 (excluding) |
| Red Hat Enterprise Linux 10 | RedHat | cups-1:2.4.10-11.el10_0.1 | * |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | cups-1:1.6.3-52.el7_9.1 | * |
| Red Hat Enterprise Linux 8 | RedHat | cups-1:2.2.6-63.el8_10 | * |
| Red Hat Enterprise Linux 8 | RedHat | cups-1:2.2.6-63.el8_10 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | cups-1:2.2.6-33.el8_2.3 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | cups-1:2.2.6-38.el8_4.3 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | RedHat | cups-1:2.2.6-38.el8_4.3 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | cups-1:2.2.6-45.el8_6.6 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | cups-1:2.2.6-45.el8_6.6 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | cups-1:2.2.6-45.el8_6.6 | * |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | cups-1:2.2.6-51.el8_8.5 | * |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | cups-1:2.2.6-51.el8_8.5 | * |
| Red Hat Enterprise Linux 9 | RedHat | cups-1:2.3.3op2-33.el9_6.1 | * |
| Red Hat Enterprise Linux 9 | RedHat | cups-1:2.3.3op2-33.el9_6.1 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | cups-1:2.3.3op2-13.el9_0.4 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | cups-1:2.3.3op2-16.el9_2.4 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | cups-1:2.3.3op2-27.el9_4.1 | * |
| Red Hat OpenShift Container Platform 4.12 | RedHat | rhcos-412.86.202510291903-0 | * |
| RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.36.0-11 | * |
| RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-data-index-postgresql-rhel8:1.36.0-11 | * |
| RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-db-migrator-tool-rhel8:1.36.0-11 | * |
| RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.36.0-10 | * |
| RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.36.0-10 | * |
| RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.36.0-4 | * |
| RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-management-console-rhel8:1.36.0-9 | * |
| RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-operator-bundle:1.36.0-12 | * |
| RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-rhel8-operator:1.36.0-18 | * |
| RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-swf-builder-rhel8:1.36.0-11 | * |
| RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-swf-devmode-rhel8:1.36.0-7 | * |
| Cups | Ubuntu | devel | * |
| Cups | Ubuntu | esm-infra/bionic | * |
| Cups | Ubuntu | esm-infra/focal | * |
| Cups | Ubuntu | esm-infra/xenial | * |
| Cups | Ubuntu | jammy | * |
| Cups | Ubuntu | noble | * |
| Cups | Ubuntu | plucky | * |
| Cups | Ubuntu | upstream | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html