CVE-2020-11997
First published: Tue Jan 19 2021(Updated: )
Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Guacamole | <=1.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is Apache Guacamole 1.2.0 vulnerability?
Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility.
What is the severity of CVE-2020-11997?
The severity of CVE-2020-11997 is medium with a CVSS score of 4.3.
How does CVE-2020-11997 impact Apache Guacamole?
CVE-2020-11997 allows multiple users to see which other users have accessed the same connection and their IP addresses.
How can I fix the vulnerability in Apache Guacamole 1.2.0?
To fix the vulnerability in Apache Guacamole 1.2.0, you should upgrade to a version that includes the fix.
Where can I find more information about CVE-2020-11997?
More information about CVE-2020-11997 can be found at the following link: [link](https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E).
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache guacamole
- version/apache guacamole/1.2.0