El 11.01.22 a las 22:21, Mike Jumper escribió:
> Severity: moderate
> 
> Description:
> 
> Apache Guacamole 1.3.0 and older may incorrectly include a private
> tunnel identifier in the non-private details of some REST responses.
> This may allow an authenticated user who already has permission to
> access a particular connection to read from or interact with another
> user's active use of that same connection.
> 
> Credit:
> 
> We would like to thank Damian Velardo (Australia and New Zealand
> Banking Group) for reporting this issue.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> For additional commands, e-mail: user-h...@guacamole.apache.org
> 
Hello,

which component is affected here, backend (guacd) or frontend (.war) or both?

-- 
Thanks
Jürgen

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Reply via email to