Access Control Weakness in Apache Guacamole by Apache
CVE-2020-11997

4.3MEDIUM

Key Information:

Vendor: Apache
Status: Apache Guacamole
Vendor: CVE Published:; 19 January 2021

What is CVE-2020-11997?

Apache Guacamole versions 1.2.0 and earlier exhibit an access control weakness where connection history is not adequately restricted by user permissions. In scenarios where multiple users have access to the same connection, these users can unintentionally observe the connection history, including the identities of other users and their respective IP addresses, despite not having the necessary permissions to view such sensitive information.

Affected Version(s)

Apache Guacamole Apache Guacamole 1.2.0 and older

References

https://lists.apache.org/thread.html/r1a9ae9d1608c9f84687...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 19, 2021
Vulnerability Reserved
Apr 21, 2020