CVE-2021-43999

Published: Jan 11, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.

Vendor	Product	Versions
Apache Software Foundation	Apache Guacamole	affected `1.3.0` affected `1.2.0`

Weaknesses (CWE)

CWE-287

References

https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9

x_refsource_MISC

[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-43999

Description

Affected Products

Weaknesses (CWE)

References