Description
Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.
References
- Mailing List, Third Party Advisory
- Mailing List, Vendor Advisory
- Mailing List, Third Party Advisory
- Mailing List, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:apache:guacamole:1.2.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:guacamole:1.3.0:-:*:*:*:*:*:*
EPSS
Percentile: 80%
0.01358
Low
8.8 High
CVSS3
6 Medium
CVSS2
Weaknesses
CWE-287
Related vulnerabilities
CVSS3: 8.8
ubuntu
about 4 years ago
Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.
CVSS3: 8.8
debian
about 4 years ago
Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...