CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS
Percentile: 49.9%

xrdp is vulnerable to Improper Session Handling. An attacker can exploit this vulnerability to bypass OS-level session restrictions. For example, an attacker could establish multiple concurrent sessions to a system even if the system is configured to allow only a single session per user.

github.com/neutrinolabs/xrdp/blame/9bbb2ec68f390504c32f2062847aa3d821a0089a/sesman/sesexec/session.c#L571C5-L571C19
github.com/neutrinolabs/xrdp/commit/a111a0fdfe2421ef600e40708b5f0168594cfb23
github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq
lists.fedoraproject.org/archives/list/[email protected]/message/SOT237TIHTHPX5YNIWLVNINOEYC7WMG2/
lists.fedoraproject.org/archives/list/[email protected]/message/U5IXMQODV3OIJ7DRQBUQV7PUKNT7SH36/
lists.fedoraproject.org/archives/list/[email protected]/message/URO3FKTFBPNKFARAQBEJLI4MH6YS35P5/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.18/community.yaml