Published: 11/01/2022 Updated: 14/01/2022

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 534

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache guacamole 1.3.0
apache guacamole 1.2.0

Debian Bug report logs - #1015986 guacamole-client: CVE-2021-41767 CVE-2021-43999 CVE-2020-11997 Package: src:guacamole-client; Maintainer for src:guacamole-client is Debian Remote Maintainers <pkg-remote-team@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Sun, 24 Jul 2022 19:03:01 UT ...

Severity: high Description: Apache Guacamole 120 and 130 do not properly validate responses received from a SAML identity provider If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user Credit: We would like to thank Finn Steglich (ETAS) for reporting this issue ...

CWE-287 https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9 http://www.openwall.com/lists/oss-security/2022/01/11/7 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015986

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-43999

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect