High severity8.2NVD Advisory· Published Nov 8, 2021· Updated Jun 17, 2026
CVE-2021-42073
CVE-2021-42073
Description
An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- Barrier/Barrierdescription
- osv-coords4 versionspkg:rpm/opensuse/barrier&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/barrier&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/barrier&distro=openSUSE%20Tumbleweedpkg:rpm/suse/barrier&distro=SUSE%20Package%20Hub%2015%20SP3
< 2.4.0-lp152.3.6.1+ 3 more
- (no CPE)range: < 2.4.0-lp152.3.6.1
- (no CPE)range: < 2.4.0-bp153.2.3.1
- (no CPE)range: < 2.4.0-1.1
- (no CPE)range: < 2.4.0-bp153.2.3.1
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2021/11/02/4nvdExploitMailing ListThird Party Advisory
- github.com/debauchee/barrier/releases/tag/v2.4.0nvdRelease NotesThird Party Advisory
- github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedccnvd
- github.com/debauchee/barrier/commit/b5adc93e2bd74cb094f91ff595c07f321a489f3envd
News mentions
0No linked articles in our index yet.