Main Vulnerability Database Vulnerabilities #VU17333

#VU17333 Information disclosure in Guacamole - CVE-2018-1340

Published: January 31, 2019

Vulnerability identifier: #VU17333

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-1340

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Guacamole

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to use of a cookie for client-side storage of the user's session token that can leak the "secure" flag. A remote attacker can eavesdrop on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.

Remediation

Update to versions 1.0.0.

External links

http://mail-archives.us.apache.org/mod_mbox/www-announce/201901.mbox/%3CCALKeL-O+=Rxbd0y+hSB9=Y0N400A8sV2BiKgZfNsjGxZipA-uQ@mail.gmail.com%3E

#VU17333 Information disclosure in Guacamole - CVE-2018-1340

Description

Remediation

External links

Please verify you're human