oss-sec mailing list archives
[SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses
From: Mike Jumper <mjumper () apache org>
Date: Tue, 11 Jan 2022 13:21:35 -0800
Severity: high Description: Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user. Credit: We would like to thank Finn Steglich (ETAS) for reporting this issue.
Current thread:
- [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses Mike Jumper (Jan 11)