Lack of data validation - Path Traversal In cups
Description
It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the lp user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Aliases
1. 2. 3.