VDB
CVE-2020-11997
CVE-2020-11997
PUBLISHED
Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.
EPSS 0.51% · 66.8th percentile
Risk Scores
EPSS Score
0.51%
66.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | guacamole-server | 0, 0.9.9-2, 0.9.9-2build1 |
| Ubuntu:22.04:LTS | guacamole-server | 0, 1.3.0-1, 1.3.0-1.1 |
| Ubuntu:16.04:LTS | guacamole-server | 0, 0.8.3-1build2, 0.8.3-2 |
Exploit Intelligence
Timeline
- Jan 19, 2021 CVE Published
- Jan 22, 2021 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-11997 third-party-advisory
- https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-11997 third-party-advisory