{
  "threat_severity" : "Important",
  "public_date" : "2022-12-06T00:00:00Z",
  "bugzilla" : {
    "description" : "cups: Information leak through Cups-Get-Document operation",
    "id" : "2230495",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2230495"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-200",
  "details" : [ "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.", "A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to a confidentiality breach." ],
  "statement" : "This vulnerability is classified as important according to Red Hat's Severity Rating Classification, as unauthorized users are permitted to fetch documents over local or remote networks, leading to a confidentiality breach.\nhttps://access.redhat.com/security/updates/classification",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2023-08-28T00:00:00Z",
    "advisory" : "RHSA-2023:4766",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "cups-1:1.6.3-52.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-08-29T00:00:00Z",
    "advisory" : "RHSA-2023:4864",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "cups-1:2.2.6-51.el8_8.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-08-29T00:00:00Z",
    "advisory" : "RHSA-2023:4864",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "cups-1:2.2.6-51.el8_8.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
    "release_date" : "2023-08-28T00:00:00Z",
    "advisory" : "RHSA-2023:4765",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.1",
    "package" : "cups-1:2.2.6-28.el8_1.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2023-08-28T00:00:00Z",
    "advisory" : "RHSA-2023:4771",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.2",
    "package" : "cups-1:2.2.6-33.el8_2.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
    "release_date" : "2023-08-28T00:00:00Z",
    "advisory" : "RHSA-2023:4771",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.2",
    "package" : "cups-1:2.2.6-33.el8_2.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
    "release_date" : "2023-08-28T00:00:00Z",
    "advisory" : "RHSA-2023:4771",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.2",
    "package" : "cups-1:2.2.6-33.el8_2.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2023-08-28T00:00:00Z",
    "advisory" : "RHSA-2023:4768",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "cups-1:2.2.6-38.el8_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "release_date" : "2023-08-28T00:00:00Z",
    "advisory" : "RHSA-2023:4768",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.4",
    "package" : "cups-1:2.2.6-38.el8_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "release_date" : "2023-08-28T00:00:00Z",
    "advisory" : "RHSA-2023:4768",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.4",
    "package" : "cups-1:2.2.6-38.el8_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2023-08-28T00:00:00Z",
    "advisory" : "RHSA-2023:4770",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.6",
    "package" : "cups-1:2.2.6-45.el8_6.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-08-29T00:00:00Z",
    "advisory" : "RHSA-2023:4838",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "cups-1:2.3.3op2-16.el9_2.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-08-29T00:00:00Z",
    "advisory" : "RHSA-2023:4838",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "cups-1:2.3.3op2-16.el9_2.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2023-08-28T00:00:00Z",
    "advisory" : "RHSA-2023:4769",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0",
    "package" : "cups-1:2.3.3op2-13.el9_0.2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "cups",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-32360\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32360" ],
  "name" : "CVE-2023-32360",
  "mitigation" : {
    "value" : "The user can either set 'PreserveJobFiles No' in cupsd.conf, which completely turns off the saving of job files and thereby prevents an attacker from retrieving a file, or restrict access to trusted users in the firewall and in cupsd.",
    "lang" : "en:us"
  },
  "csaw" : false
}