The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. Rated low severity (CVSS 1.2). No vendor patch available.
Information Disclosure
Cups
Ubuntu Linux
Fedora
NVD
CVSS 2.0
1.2
EPSS
0.1%