CVE-2021-41767
N/A
N/A
Summary
Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Guacamole | unspecified <= 1.3.0 | affected |
Weaknesses
- CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro
- http://www.openwall.com/lists/oss-security/2022/01/11/6
References
- https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro
- http://www.openwall.com/lists/oss-security/2022/01/11/6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.