Skip to content
Permalink
Browse files
Document vulnerability CVE-2021-43999, fixed in 1.4.0.
  • Loading branch information
mike-jumper committed Jan 11, 2022
1 parent 88a823e commit f47ef929270cb12059f7e55e61ab0a1ea637f396
Showing 1 changed file with 13 additions and 0 deletions.
@@ -0,0 +1,13 @@
---
title: Improper validation of SAML responses
cve: CVE-2021-43999
fixed: 1.4.0
---

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received
from a SAML identity provider. If SAML support is enabled, this may allow a
malicious user to assume the identity of another Guacamole user.

Acknowledgements: We would like to thank Finn Steglich (ETAS) for reporting
this issue.

0 comments on commit f47ef92

Please sign in to comment.