#VU87612 Information disclosure in PaperCut MF and PaperCut NG


Published: 2024-03-19

Vulnerability identifier: #VU87612

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-1223

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PaperCut MF
Other software / Other software solutions
PaperCut NG
Other software / Other software solutions

Vendor: PaperCut Software

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application's API. A remote user can gain unauthorized access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

PaperCut MF: 23.0.1 - 23.0.6, 20.1.9, 22.0.6 - 22.1.4, 21.2.13

PaperCut NG: 23.0.1 - 23.0.6, 21.2.0 - 21.2.13, 20.1.9, 22.0.6 - 22.1.4

External links
http://www.papercut.com/kb/Main/Security-Bulletin-March-2024

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in PaperCut NG/MF