UBUNTU-CVE-2020-11997

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-11997

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-11997.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-11997

Upstream

CVE-2020-11997

Published

2021-01-19T22:15:00Z

Modified

2025-07-18T16:45:49Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.

References

Affected packages

Ubuntu:Pro:16.04:LTS / guacamole-server

Package

Name: guacamole-server
Purl: pkg:deb/ubuntu/guacamole-server@0.8.3-2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.8.3-1build2

0.8.3-2

Ubuntu:Pro:18.04:LTS / guacamole-server

Package

Name: guacamole-server
Purl: pkg:deb/ubuntu/guacamole-server@0.9.9-2build1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.9-2

0.9.9-2build1

Ubuntu:22.04:LTS / guacamole-server

Package

Name: guacamole-server
Purl: pkg:deb/ubuntu/guacamole-server@1.3.0-1.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.0-1

1.3.0-1build1

1.3.0-1.1