CVE-2024-1221 LOW

CVE-2024-1221: Improper access controls on APIs on Linux and macOS in PaperCut NG/MF

Vendor Papercut
Product PaperCut NG, PaperCut MF
Weakness CWE-76
Published March 14, 2024
Last update September 26, 2024

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.

Key dates

02Disclosure timeline

March 14, 2024 CVE published
September 26, 2024 Record updated