Show plain JSON{"affected_release": [{"advisory": "RHSA-2020:1050", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "cups-1:1.6.3-43.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-31T00:00:00Z"}], "bugzilla": {"description": "cups: Predictable session cookie breaks CSRF protection", "id": "1649347", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649347"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-384", "details": ["[REJECTED CVE] A predictable session cookie vulnerability was identified in the CUPS printing server. Insufficient randomness in session cookie generation made it easy to guess, undermining CSRF protection. This flaw allowed unauthorized scripted access to the CUPS web interface when enabled, posing a risk of unauthorized control or configuration of the printing server."], "name": "CVE-2018-4700", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "redhat-virtualization-host", "product_name": "Red Hat Virtualization 4"}], "public_date": "2018-12-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-4700\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4700"], "statement": "This vulnerability was originally assigned CVE-2018-4700, but after the publication of security errata the identifier was changed to CVE-2018-4300. Both identifiers refer to the same vulnerability. Since some sources use CVE-2018-4700 and others use CVE-2018-4300, Red Hat security advisories for this vulnerability have been amended to include both identifiers.", "threat_severity": "Moderate"}