Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Guacamole | Apache | 1.2.0 (including) | 1.2.0 (including) |
Guacamole | Apache | 1.3.0 (including) | 1.3.0 (including) |