Apache · Apache Guacamole · CVE-2024-35164
Name of the Vulnerable Software and Affected Versions:
Apache Guacamole versions 1.5.5 and older
Description:
The issue is related to improper validation of console codes received from servers via text-based protocols like SSH. A malicious user with access to a text-based connection could execute arbitrary code with the privileges of the running guacd process by sending a specially-crafted sequence of console codes.
Recommendations:
For Apache Guacamole versions 1.5.5 and older, upgrade to version 1.6.0 to fix the issue.