org.apache.guacamole:guacamole-ext@1.2.0

latest version

1.6.0

latest non vulnerable version

1.6.0

first published

9 years ago

latest version published

10 months ago

licenses detected

Apache-2.0
[0.9.10-incubating,)

package registry

View on Maven Central Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.guacamole:guacamole-ext package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Insecure Default Affected versions of this package are vulnerable to Insecure Default. Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users. How to fix Insecure Default? Upgrade `org.apache.guacamole:guacamole-ext` to version 1.3.0 or higher.	[,1.3.0)

Insecure Default

Affected versions of this package are vulnerable to Insecure Default. Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.

How to fix Insecure Default?

Upgrade org.apache.guacamole:guacamole-ext to version 1.3.0 or higher.

[,1.3.0)

Go back to all versions of this package