Lucene search

[email protected]CVE-2021-41767

HistoryJan 11, 2022 - 10:15 p.m.

CVE-2021-41767

2022-01-1122:15:00

CWE-200

[email protected]

web.nvd.nist.gov

apache guacamole

cve-2021-41767

security vulnerability

private tunnel

rest api

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user’s active use of that same connection.

CPENameOperatorVersion
apache:guacamoleapache guacamolele1.3.0

CPE	Name	Operator	Version
apache:guacamole	apache guacamole	le	1.3.0

References

www.openwall.com/lists/oss-security/2022/01/11/6

lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2021-41767

cnvd1 osv3 prion1 veracode1 cvelist1 ubuntucve1 debiancve1 openvas1