On Wed, Jan 12, 2022, 01:41 Jürgen Kuri <juergen.k...@ionos.com> wrote:
> El 11.01.22 a las 22:21, Mike Jumper escribió: > > Severity: moderate > > > > Description: > > > > Apache Guacamole 1.3.0 and older may incorrectly include a private > > tunnel identifier in the non-private details of some REST responses. > > This may allow an authenticated user who already has permission to > > access a particular connection to read from or interact with another > > user's active use of that same connection. > > > > Credit: > > > > We would like to thank Damian Velardo (Australia and New Zealand > > Banking Group) for reporting this issue. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org > > For additional commands, e-mail: user-h...@guacamole.apache.org > > > Hello, > > which component is affected here, backend (guacd) or frontend (.war) or > both? > The web application (.war). - Mike
