CVE-2021-42073

Name of the Vulnerable Software and Affected Versions Barrier versions prior to 2.4.0

Description An issue allows an attacker to enter an active session state with the barriers component by supplying a client label that identifies a valid client configuration. This label is Unnamed by default but could be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server and modify the clipboard content on the server.

Recommendations For versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the barriers component to minimize the risk of exploitation. Avoid using the default client label Unnamed and ensure that all client configurations have unique and secure labels.