{"id":"CVE-2021-41767","details":"Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.","aliases":["BIT-guacamole-2021-41767","BIT-guacamole-server-2021-41767"],"modified":"2026-04-10T04:38:43.795146Z","published":"2022-01-11T22:15:07.570Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/01/11/6"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/guacamole-server","events":[{"introduced":"0"},{"last_affected":"90e15cb70635e8d13ebdefec9262701d2179983a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.0"}]}}],"versions":["0.8.2","0.8.3","0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","0.9.8","0.9.9","1.3.0","1.3.0-RC1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41767.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}