Lucene search
Veracode Vulnerability DatabaseVERACODE:33602HistoryJan 12, 2022 - 4:47 a.m.
Information Disclosure
2022-01-1204:47:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
guacamole-common
information disclosure
vulnerability
private tunnel identifier
rest responses
authenticated attacker
active session
EPSS
0.001
Percentile
17.4%
guacamole-common is vulnerable to information disclosure. The vulnerability exists due to the incorrectly included private tunnel identifier in non-private details of some REST responses, allowing an authenticated attacker to interact with another user’s active session.
References
www.openwall.com/lists/oss-security/2022/01/11/6
github.com/advisories/GHSA-8jvg-8759-x9j6
github.com/apache/guacamole-client/commit/0597358dde292d739809cd7426e0b55921372ccf
github.com/apache/guacamole-client/pull/649
guacamole.apache.org/releases/1.4.0/
issues.apache.org/jira/browse/GUACAMOLE-956
lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro
www.openwall.com/lists/oss-security/2022/01/11/6
Related
cve
cve
CVE-2021-41767
2022-01-11 22:15:07
prion
prion
Design/Logic Flaw
2022-01-11 22:15:00
ubuntucve
ubuntucve
CVE-2021-41767
2022-01-11 00:00:00
cvelist
cvelist
debiancve
debiancve
CVE-2021-41767
2022-01-11 22:15:00
osv
osv
BIT-guacamole-2021-41767
2024-03-06 10:53:35
BIT-guacamole-server-2021-41767
2024-03-06 10:53:36
CVE-2021-41767
2022-01-11 22:15:07
nvd
nvd
CVE-2021-41767
2022-01-11 22:15:07
cnvd
cnvd
Apache Guacamole Information Disclosure Vulnerability (CNVD-2022-04988)
2022-01-12 00:00:00
openvas
openvas
Apache Guacamole < 1.4.0 Multiple Vulnerabilities
2022-01-12 00:00:00