4
CVSSv2

CVE-2020-11997

Published: 19/01/2021 Updated: 22/01/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Apache Guacamole 1.2.0 and previous versions do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache guacamole

Mailing Lists

CVE-2020-11997: Inconsistent restriction of connection history visibility Versions affected: Apache Guacamole 120 and earlier Description: Apache Guacamole 120 and older do not consistently restrict access to connection history based on user visibility If multiple users share access to the same connection, those users may be able to see whic ...