CVE-2021-43999

CVE-2021-43999: Improper validation of SAML responses

Vendor Apache Software Foundation
Product Apache Guacamole
Weakness CWE-287 · Improper authentication
Published January 11, 2022
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.

Key dates

02Disclosure timeline

January 11, 2022 CVE published
August 4, 2024 Record updated