CVE-2021-41767
maven/org.apache.guacamole/guacamole-common
Exposure of Sensitive Information to an Unauthorized Actor
Apache Guacamole may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.
All versions up to 1.3.0
Upgrade to version 1.4.0 or above.
2022-01-16
source |