Skip to content
Permalink
Browse files
Document vulnerability CVE-2021-41767, fixed in 1.4.0.
  • Loading branch information
mike-jumper committed Jan 11, 2022
1 parent 4328090 commit 88a823eaf7aac122e8908ed29ade01b39fca5ddc
Showing 1 changed file with 15 additions and 0 deletions.
@@ -0,0 +1,15 @@
---
title: Private tunnel identifier may be included in the non-private details of active connections
cve: CVE-2021-41767
fixed: 1.4.0
---

Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel
identifier in the non-private details of some REST responses. This may allow an
authenticated user who already has permission to access a particular connection
to read from or interact with another user's active use of that same
connection.

Acknowledgements: We would like to thank Damian Velardo (Australia and New
Zealand Banking Group) for reporting this issue.

0 comments on commit 88a823e

Please sign in to comment.