Main Vulnerability Database Vulnerabilities #VU59552

#VU59552 Information disclosure in Guacamole - CVE-2021-41767

Published: January 12, 2022

Vulnerability identifier: #VU59552

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-41767

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Guacamole

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to the application includes a private tunnel identifier in the non-private details of some REST responses. A remote user can obtain the private tunnel identifier and use it to interact with another user's active use of that same connection.

Remediation

Install updates from vendor's website.

External links

https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro
http://www.openwall.com/lists/oss-security/2022/01/11/6

#VU59552 Information disclosure in Guacamole - CVE-2021-41767

Description

Remediation

External links

Please verify you're human