Lucene search
China National Vulnerability DatabaseCNVD-2022-04988HistoryJan 12, 2022 - 12:00 a.m.
Apache Guacamole Information Disclosure Vulnerability (CNVD-2022-04988)
2022-01-1200:00:00
China National Vulnerability Database
www.cnvd.org.cn
17
apache
guacamole
information disclosure
vulnerability
remote desktop gateway
vnc
rdp
ssh
apache foundation
united states
rest
security vulnerability
private tunnel
authenticated user
connection
EPSS
0.001
Percentile
17.4%
Apache Guacamole is a clientless remote desktop gateway from the Apache Foundation in the United States. The product supports protocols such as VNC, RDP, and SSH. A security vulnerability exists in Apache Guacamole 1.3.0, which stems from the fact that Apache Guacamole 1.3.0 and earlier versions may incorrectly include private tunnel identifiers in the non-private details of some REST responses. This could allow an authenticated user who already has access to a specific connection to read from or interact with other users’ active use of the same connection. No detailed vulnerability details are currently available.
Related
debiancve
debiancve
CVE-2021-41767
2022-01-11 22:15:00
osv
osv
BIT-guacamole-2021-41767
2024-03-06 10:53:35
BIT-guacamole-server-2021-41767
2024-03-06 10:53:36
CVE-2021-41767
2022-01-11 22:15:07
nvd
nvd
CVE-2021-41767
2022-01-11 22:15:07
cve
cve
CVE-2021-41767
2022-01-11 22:15:07
prion
prion
Design/Logic Flaw
2022-01-11 22:15:00
ubuntucve
ubuntucve
CVE-2021-41767
2022-01-11 00:00:00
veracode
veracode
Information Disclosure
2022-01-12 04:47:53
cvelist
cvelist
openvas
openvas
Apache Guacamole < 1.4.0 Multiple Vulnerabilities
2022-01-12 00:00:00