CVE-2021-41767 is a vulnerability in Apache Guacamole
Published on January 11, 2022
Private tunnel identifier may be included in the non-private details of active connections
Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2021-41767 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2021-41767
Want to know whenever a new CVE is published for Apache Guacamole? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Guacamole:- Version unspecified, <= 1.3.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.