CVE-2021-41767 - OpenCVE

Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Guacamole

Configuration 1 [-]

cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/01/11/6	Mailing List Third Party Advisory
https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro	Mailing List Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2022-01-11T22:10:11

Updated: 2022-01-12T00:06:13

Reserved: 2021-09-28T00:00:00

Link: CVE-2021-41767

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-11T22:15:07.570

Modified: 2022-01-14T16:40:46.483

Link: CVE-2021-41767

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "Apache Guacamole", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.3.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "We would like to thank Damian Velardo (Australia and New Zealand Banking Group) for reporting this issue."}], "descriptions": [{"lang": "en", "value": "Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection."}], "metrics": [{"other": {"content": {"other": "moderate"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-12T00:06:13", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro"}, {"name": "[oss-security] 20220111 [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6"}], "source": {"discovery": "UNKNOWN"}, "title": "Private tunnel identifier may be included in the non-private details of active connections", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-41767", "STATE": "PUBLIC", "TITLE": "Private tunnel identifier may be included in the non-private details of active connections"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Guacamole", "version": {"version_data": [{"version_affected": "<=", "version_value": "1.3.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "We would like to thank Damian Velardo (Australia and New Zealand Banking Group) for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "moderate"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro", "refsource": "MISC", "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro"}, {"name": "[oss-security] 20220111 [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-41767", "datePublished": "2022-01-11T22:10:11", "dateReserved": "2021-09-28T00:00:00", "dateUpdated": "2022-01-12T00:06:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3A733CC-43E3-4A1C-BF40-54C1113B8B5C", "versionEndIncluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection."}, {"lang": "es", "value": "Apache Guacamole versiones 1.3.0 y anteriores, pueden incluir incorrectamente un identificador de t\u00fanel privado en los detalles no privados de algunas respuestas REST. Esto puede permitir que un usuario autenticado que ya presenta permiso para acceder a una conexi\u00f3n particular lea o interact\u00fae con el uso activo de otro usuario de esa misma conexi\u00f3n"}], "id": "CVE-2021-41767", "lastModified": "2022-01-14T16:40:46.483", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-11T22:15:07.570", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@apache.org", "type": "Secondary"}]}