The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.
IMO it is the same vulnerability which is being taken care of in https://bugzilla.redhat.com/show_bug.cgi?id=1649347 .
Or at least it is the same patch which fixes it :) .
Based on upstream ticket https://github.com/apple/cups/issues/5561 closing as duplicate.
*** This bug has been marked as a duplicate of bug 1649347 ***
This vulnerability was originally assigned CVE-2018-4700, but after the publication of security errata the identifier was changed to CVE-2018-4300. Both identifiers refer to the same vulnerability. Since some sources use CVE-2018-4700 and others use CVE-2018-4300, Red Hat security advisories for this vulnerability have been amended to include both identifiers.