Описание
Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | needs-triage | |
| hirsute | ignored | end of life |
| impish | ignored | end of life |
| jammy | needs-triage | |
| kinetic | ignored | end of life, was needs-triage |
Показывать по
4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.
Apache Guacamole 1.3.0 and older may incorrectly include a private tun ...
Exposure of Sensitive Information to an Unauthorized Actor in Apache Guacamole
4 Medium
CVSS2
6.5 Medium
CVSS3