Apache · Apache Guacamole · CVE-2021-41767
**Name of the Vulnerable Software and Affected Versions**
Apache Guacamole versions 1.3.0 and older
**Description**
The issue allows an authenticated user who already has permission to access a particular connection to potentially read from or interact with another user's active use of that same connection. This is due to the incorrect inclusion of a private tunnel identifier in the non-private details of some REST responses.
**Recommendations**
For Apache Guacamole versions 1.3.0 and older, at the moment, there is no information about a newer version that contains a fix for this vulnerability.