Unrated severityOSV Advisory· Published Jan 19, 2021· Updated Aug 4, 2024

CVE-2020-11997

Description

Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.

Affected products

Apache/Guacamole ServerOSV
Range: 0.8.2, 0.8.3, 0.9.0, …
Apache/Guacamolellm-fuzzy
Range: <=1.2.0
osv-coords2 versions
pkg:bitnami/guacamole pkg:bitnami/guacamole-server
< 1.2.0+ 1 more
- (no CPE)range: < 1.2.0
- (no CPE)range: < 1.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3Emitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000