BIT-guacamole-server-2020-11997

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/guacamole-server/BIT-guacamole-server-2020-11997.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-guacamole-server-2020-11997

Aliases

Published

2024-03-06T10:54:07.994Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.

Database specific

{
    "cpes": [
        "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E

Affected packages

Bitnami / guacamole-server

Package

Name: guacamole-server
Purl: pkg:bitnami/guacamole-server

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.0