QwikSec

Security Database

CVE

CWE

Training

CVE-2021-41767

Published: Jan 11, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.

Vendor	Product	Versions
Apache Software Foundation	Apache Guacamole	affected `unspecified - <= 1.3.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro

x_refsource_MISC

[oss-security] 20220111 [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.