CVE-2020-11997

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11997

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11997.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-11997

Aliases

Related

UBUNTU-CVE-2020-11997

Published

2021-01-19T22:15:12Z

Modified

2024-10-12T05:38:07.718544Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.

References

https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E

Affected packages

Git / github.com/apache/guacamole-server

Affected ranges

Type: GIT
Repo: https://github.com/apache/guacamole-server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

6042222d44d3b501defaff3d51be442fae710f06

Affected versions

0.*

0.3.0

0.4.0

0.5.0

0.6.0

0.6.1

0.6.2

0.6.3

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.8.0

0.8.2

0.8.3

0.9.0

0.9.1

0.9.10-incubating

0.9.10-incubating-RC1

0.9.10-incubating-RC2

0.9.10-incubating-RC3

0.9.11-incubating

0.9.11-incubating-RC1

0.9.12-incubating

0.9.12-incubating-RC1

0.9.13-incubating

0.9.13-incubating-RC1

0.9.14

0.9.14-RC1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

1.*

1.0.0

1.0.0-RC1

1.1.0

1.1.0-RC1

1.2.0

1.2.0-RC1