Skip to content
Permalink
Browse files
Document vulnerability CVE-2020-11997, fixed in 1.3.0.
  • Loading branch information
mike-jumper committed Jan 18, 2021
1 parent 1b3c8ac commit 67719366cc3c32f8ce4758a8fc704e74181e7295
Showing 1 changed file with 16 additions and 0 deletions.
@@ -0,0 +1,16 @@
---
title: Inconsistent restriction of connection history visibility
cve: CVE-2020-11997
fixed: 1.3.0
---

Apache Guacamole 1.2.0 and older do not consistently restrict access to
connection history based on user visibility. If multiple users share access to
the same connection, those users may be able to see which other users have
accessed that connection, as well as the IP addresses from which that
connection was accessed, even if those users do not otherwise have permission
to see other users.

Acknowledgements: We would like to thank William Le Berre (Synetis) for
reporting this issue.

0 comments on commit 6771936

Please sign in to comment.