CVE-2020-11997

Name of the Vulnerable Software and Affected Versions Apache Guacamole versions 1.2.0 and earlier

Description The issue arises from inconsistent access restrictions to connection history based on user visibility. When multiple users share access to the same connection, they may be able to see which other users have accessed that connection, as well as the IP addresses from which the connection was accessed, even if they do not have permission to see other users.

Recommendations For Apache Guacamole versions 1.2.0 and earlier, consider restricting access to the connection history feature until a patch is available. As a temporary workaround, limit shared access to connections to only those users who need to see the connection history, thereby minimizing the risk of unauthorized access to sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.