guacamole-common is vulnerable to information disclosure. The private tunnel identifier is incorrectly included in the non-private details of some REST responses, which allows an authenticated attacker to interact with another user’s active session.
www.openwall.com/lists/oss-security/2022/01/11/6
github.com/advisories/GHSA-8jvg-8759-x9j6
github.com/apache/guacamole-client/commit/0597358dde292d739809cd7426e0b55921372ccf
github.com/apache/guacamole-client/pull/649
guacamole.apache.org/releases/1.4.0/
issues.apache.org/jira/browse/GUACAMOLE-956
lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro