CVE-2021-41767
Private tunnel identifier may be included in the non-private details of active connections
Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.
Productos afectados
Apache Software Foundation · Apache Guacamole¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →