CVE-2023-2508

Name of the Vulnerable Software and Affected Versions PaperCutNG Mobility Print version 1.0.3512

Description The PaperCutNG Mobility Print application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the client's host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc.

Recommendations For PaperCutNG Mobility Print version 1.0.3512, consider implementing Anti-CSRF tokens, header origin validation, or samesite cookies to protect against CSRF attacks. As a temporary workaround, restrict access to the "configure printer discovery" section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.