Lucene search
ApacheCVELIST:CVE-2021-41767HistoryJan 11, 2022 - 10:10 p.m.
CVE-2021-41767 Private tunnel identifier may be included in the non-private details of active connections
2022-01-1122:10:11
CWE-200
apache
www.cve.org
7
apache guacamole
1.3.0
security vulnerability
rest
user permission
active connections
Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user’s active use of that same connection.
CNA Affected
[
{
"product": "Apache Guacamole",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2022-01-11 22:15:00
veracode
veracode
Information Disclosure
2022-01-12 04:47:53
ubuntucve
ubuntucve
CVE-2021-41767
2022-01-11 00:00:00
debiancve
debiancve
CVE-2021-41767
2022-01-11 22:15:00
osv
osv
BIT-guacamole-2021-41767
2024-03-06 10:53:35
BIT-guacamole-server-2021-41767
2024-03-06 10:53:36
CVE-2021-41767
2022-01-11 22:15:07
nvd
nvd
CVE-2021-41767
2022-01-11 22:15:07
cve
cve
CVE-2021-41767
2022-01-11 22:15:07
cnvd
cnvd
Apache Guacamole Information Disclosure Vulnerability (CNVD-2022-04988)
2022-01-12 00:00:00
openvas
openvas
Apache Guacamole < 1.4.0 Multiple Vulnerabilities
2022-01-12 00:00:00