CVE-2021-41767

CVE-2021-41767: Private tunnel identifier may be included in the non-private details of active connections

Vendor Apache Software Foundation

Product Apache Guacamole

Weakness CWE-200 · Info exposure

Published January 11, 2022

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.

Key dates

02Disclosure timeline

January 11, 2022 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-41767 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2021-41767: Private tunnel identifier may be included in the non-private details of active connections

01Description

02Disclosure timeline

03References

04Related CVE