CVE-2021-43999: Improper validation of SAML responses

Severity: High

CVSS v3.1 base score: 8.7

Software affected

  • Glyptodon Enterprise 2.6 and older

Description

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.

Preconditions for exploitation

  • SAML support for Apache Guacamole is enabled.

Results of a successful attack

  • A malicious user may assume the identity of another existing Guacamole user.

Mitigation

Glyptodon Enterprise 2.x has been patched with respect to this vulnerability. Users should evaluate their exposure/risk based on this advisory and plan to upgrade when possible.

Glyptodon Enterprise 1.x does not have support for SAML available and is not affected.

Analysis and CVSS score breakdown

| Metric | Value | Comments |
|---|---|---|
| Attack Vector | Network | Exploiting this vulnerability relies only on communicating with the web application through standard mechanisms, as already exposed by Guacamole's web interface. |
| Attack Complexity | Low | Exploiting this vulnerability requires limited technical ability. |
| Privileges Required | None | No privileges are required to attempt to exploit this vulnerability. |
| User Interaction | None | An attacker would require no additional user interaction beyond their own. |
| Scope | Unchanged | The scope of information obtained does not extend beyond what Guacamole is explicitly designed to provide. |
| Confidentiality Impact | High | Any information accessible to the user impersonated by the attacker would be accessible. |
| Integrity | High | Any information writable/modifiable by the user impersonated by the attacker would be accessible. |
| Availability | None | The availability of Guacamole and all related services is unaffected. |
| Remediation Level | Official fix available | The upstream Apache Guacamole project has released a fix via their 1.4.0 release, and this fix has been backported to all affected versions of Glyptodon Enterprise. |
| Report Confidence | Confirmed | Existence of the vulnerability in Apache Guacamole 1.2.0 and 1.3.0 has been acknowledged by the upstream Apache Guacamole project. |
