Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:10 relevant versions.
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
cups to version 1.7.4-2 or higher.