[SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses

[Mike Jumper <mjumper () apache org>]

Severity: high

Description:

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses
received from a SAML identity provider. If SAML support is enabled,
this may allow a malicious user to assume the identity of another
Guacamole user.

Credit:

We would like to thank Finn Steglich (ETAS) for reporting this issue.