Skip to content
Sign up
Product
Features
Mobile
Actions
Codespaces
Copilot
Packages
Security
Code review
Issues
Integrations
GitHub Sponsors
Customer stories
Team
Enterprise
Explore
Explore GitHub
Learn and contribute
Topics
Collections
Trending
Skills
GitHub Sponsors
Open source guides
Connect with others
The ReadME Project
Events
Community forum
GitHub Education
GitHub Stars program
Marketplace
Pricing
Plans
Compare plans
Contact Sales
Education
In this repository
All GitHub
↵
Jump to
↵
No suggested jump to results
In this repository
All GitHub
↵
Jump to
↵
In this organization
All GitHub
↵
Jump to
↵
In this repository
All GitHub
↵
Jump to
↵
Sign in
Sign up
{{ message }}
apache
/
guacamole-website
Public
Notifications
Fork
87
Star
209
Code
Pull requests
2
Actions
Projects
0
Security
Insights
More
Code
Pull requests
Actions
Projects
Security
Insights
Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Document vulnerability CVE-2020-11997, fixed in 1.3.0.
Loading branch information
mike-jumper
committed
Jan 18, 2021
1 parent
1b3c8ac
commit
67719366cc3c32f8ce4758a8fc704e74181e7295
Showing
1 changed file
with
16 additions
and
0 deletions
.
Split
Unified
There are no files selected for viewing
16
_security/CVE-2020-11997.md
Show comments
View file
Edit file
Delete file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Show hidden characters
@@ -0,0 +1,16 @@
---
title
:
Inconsistent restriction of connection history visibility
cve
:
CVE-2020-11997
fixed
:
1.3.0
---
Apache Guacamole 1.2.0 and older do not consistently restrict access to
connection history based on user visibility. If multiple users share access to
the same connection, those users may be able to see which other users have
accessed that connection, as well as the IP addresses from which that
connection was accessed, even if those users do not otherwise have permission
to see other users.
Acknowledgements: We would like to thank William Le Berre (Synetis) for
reporting this issue.
Toggle all file notes
Toggle all file annotations
0 comments on commit
6771936
Please
sign in
to comment.
You can’t perform that action at this time.
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
