{
  "threat_severity" : "Moderate",
  "public_date" : "2018-05-09T00:00:00Z",
  "bugzilla" : {
    "description" : "cups: Local privilege escalation to root due to insecure environment variable handling",
    "id" : "1607282",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1607282"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.7",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-642",
  "details" : [ "In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.", "It was discovered that CUPS allows non-root users to pass environment variables to CUPS backends. Affected backends use attacker-controlled environment variables without proper sanitization. A local attacker, who is part of one of the groups specified in the SystemGroups directive, could use the cupsctl binary to set SetEnv and PassEnv directives and potentially controls the flow of the affected backend, resulting in some cases in arbitrary code execution with root privileges." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-03-31T00:00:00Z",
    "advisory" : "RHSA-2020:1050",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "cups-1:1.6.3-43.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "cups",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "cups",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "cups",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Not affected",
    "package_name" : "cups",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-4180\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4180" ],
  "name" : "CVE-2018-4180",
  "mitigation" : {
    "value" : "Do not add untrusted users to sys and root groups.",
    "lang" : "en:us"
  },
  "csaw" : false
}