| CVSS v3.1 base score: | 8.7 |
| CVSS v3.1 vector: | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:X/RL:O/RC:C |
- Glyptodon Enterprise 2.6 and older
Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.
Preconditions for exploitation
- SAML support for Apache Guacamole is enabled.
Results of a successful attack
- A malicious user may assume the identity of another existing Guacamole user.
Glyptodon Enterprise 2.x has been patched with respect to this vulnerability. Users should evaluate their exposure/risk based on this advisory and plan to upgrade when possible.
Glyptodon Enterprise 1.x does not have support for SAML available and is not affected.
Analysis and CVSS score breakdown
| Metric | Value | Explanation |
|---|---|---|
| Attack Vector | Network | Exploiting this vulnerability relies only on communicating with the web application through standard mechanisms, as already exposed by Guacamole's web interface. |
| Attack Complexity | Low | Exploiting this vulnerability requires limited technical ability. |
| Privileges Required | None | No privileges are required to attempt to exploit this vulnerability. |
| User Interaction | None | An attacker would require no additional user interaction beyond their own. |
| Scope | Unchanged | The scope of information obtained does not extend beyond what Guacamole is explicitly designed to provide. |
| Confidentiality Impact | High | Any information accessible to the user impersonated by the attacker would be accessible. |
| Integrity | High | Any information writable/modifiable by the user impersonated by the attacker would be writable/modifiable by the attacker. |
| Availability | None | The availability of Guacamole and all related services is unaffected. |
| Remediation Level | Official fix available | The upstream Apache Guacamole project has released a fix via their 1.4.0 release, and this fix has been backported to all affected versions of Glyptodon Enterprise. |
| Report Confidence | Confirmed | Existence of the vulnerability in Apache Guacamole 1.2.0 and 1.3.0 has been acknowledged by the upstream Apache Guacamole project. |