CVE-2021-41767

Exposure of Sensitive Information to an Unauthorized Actor in maven/org.apache.guacamole/guacamole-common

Identifiers

CVE-2021-41767

Package Slug

maven/org.apache.guacamole/guacamole-common

Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor

Description

Apache Guacamole may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.

Affected Versions

All versions up to 1.3.0

Solution

Upgrade to version 1.4.0 or above.

Last Modified

2022-01-16

source