cvelistv5 - cve-2018-1340

CVE-2018-1340 (GCVE-0-2018-1340)

Vulnerability from cvelistv5 – Published: 2019-02-07 22:00 – Updated: 2024-09-16 19:20

Summary

Severity ?

No CVSS data available.

CWE

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Assigner

apache

References

URL

Tags

	https://lists.apache.org/thread.html/af1632e13dd9…	x_refsource_MISC
	http://www.securityfocus.com/bid/106768	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Guacamole	Affected: Apache Guacamole 0.9.4 to 0.9.14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:39.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E"
          },
          {
            "name": "106768",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106768"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Guacamole",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Guacamole 0.9.4 to 0.9.14"
            }
          ]
        }
      ],
      "datePublic": "2019-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-09T10:57:01",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E"
        },
        {
          "name": "106768",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106768"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2019-01-23T00:00:00",
          "ID": "CVE-2018-1340",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Guacamole",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Guacamole 0.9.4 to 0.9.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E"
            },
            {
              "name": "106768",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106768"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-1340",
    "datePublished": "2019-02-07T22:00:00Z",
    "dateReserved": "2017-12-07T00:00:00",
    "dateUpdated": "2024-09-16T19:20:49.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.9.14\", \"matchCriteriaId\": \"2E4787AD-4833-4AB1-A367-FC7A4E00D188\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \\\"secure\\\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain.\"}, {\"lang\": \"es\", \"value\": \"En versiones anteriores a la 1.0.0, Apache Guacamole emple\\u00f3 una cookie para el almacenamiento del lado del cliente del token de sesi\\u00f3n del usuario. Esta cookie carec\\u00eda del flag \\\"secure\\\", que podr\\u00eda permitir que un atacante escuche en la red para interceptar la sesi\\u00f3n del usuario si se realizan peticiones HTTP no cifradas al mismo dominio.\"}]",
      "id": "CVE-2018-1340",
      "lastModified": "2024-11-21T03:59:39.510",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-02-07T22:29:00.287",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/106768\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"http://www.securityfocus.com/bid/106768\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-311\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1340\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2019-02-07T22:29:00.287\",\"lastModified\":\"2024-11-21T03:59:39.510\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \\\"secure\\\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain.\"},{\"lang\":\"es\",\"value\":\"En versiones anteriores a la 1.0.0, Apache Guacamole emple\u00f3 una cookie para el almacenamiento del lado del cliente del token de sesi\u00f3n del usuario. Esta cookie carec\u00eda del flag \\\"secure\\\", que podr\u00eda permitir que un atacante escuche en la red para interceptar la sesi\u00f3n del usuario si se realizan peticiones HTTP no cifradas al mismo dominio.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-311\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.9.14\",\"matchCriteriaId\":\"2E4787AD-4833-4AB1-A367-FC7A4E00D188\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106768\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.securityfocus.com/bid/106768\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2018-1340

Vulnerability from fkie_nvd - Published: 2019-02-07 22:29 - Updated: 2024-11-21 03:59

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security@apache.org	http://www.securityfocus.com/bid/106768	Third Party Advisory
security@apache.org	https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106768	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E

Impacted products

	Vendor	Product	Version
	apache	guacamole	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E4787AD-4833-4AB1-A367-FC7A4E00D188",
              "versionEndIncluding": "0.9.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain."
    },
    {
      "lang": "es",
      "value": "En versiones anteriores a la 1.0.0, Apache Guacamole emple\u00f3 una cookie para el almacenamiento del lado del cliente del token de sesi\u00f3n del usuario. Esta cookie carec\u00eda del flag \"secure\", que podr\u00eda permitir que un atacante escuche en la red para interceptar la sesi\u00f3n del usuario si se realizan peticiones HTTP no cifradas al mismo dominio."
    }
  ],
  "id": "CVE-2018-1340",
  "lastModified": "2024-11-21T03:59:39.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-07T22:29:00.287",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/106768"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/106768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-1340

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-1340

Aliases

CVE-2018-1340

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1340",
    "description": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain.",
    "id": "GSD-2018-1340",
    "references": [
      "https://advisories.mageia.org/CVE-2018-1340.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1340"
      ],
      "details": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain.",
      "id": "GSD-2018-1340",
      "modified": "2023-12-13T01:22:37.512646Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "DATE_PUBLIC": "2019-01-23T00:00:00",
        "ID": "CVE-2018-1340",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Guacamole",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Apache Guacamole 0.9.4 to 0.9.14"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E"
          },
          {
            "name": "106768",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106768"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.0.0)",
          "affected_versions": "All versions before 1.0.0",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-311",
            "CWE-937"
          ],
          "date": "2022-11-03",
          "description": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain.",
          "fixed_versions": [
            "1.0.0"
          ],
          "identifier": "CVE-2018-1340",
          "identifiers": [
            "GHSA-wr7r-vg3c-54r5",
            "CVE-2018-1340"
          ],
          "not_impacted": "All versions starting from 1.0.0",
          "package_slug": "maven/org.apache.guacamole/guacamole-common",
          "pubdate": "2022-05-13",
          "solution": "Upgrade to version 1.0.0 or above.",
          "title": "Missing Encryption of Sensitive Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-1340",
            "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E",
            "http://www.securityfocus.com/bid/106768",
            "https://github.com/advisories/GHSA-wr7r-vg3c-54r5"
          ],
          "uuid": "2a790a62-f768-4f1c-b7a7-e3521fb43a64"
        },
        {
          "affected_range": "(,0.9.14]",
          "affected_versions": "All versions up to 0.9.14",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-311",
            "CWE-937"
          ],
          "date": "2019-10-03",
          "description": "Apache Guacamole uses a cookie for client-side storage of the user session token. This cookie lacks the `secure` flag, which could allow an attacker to steal the user session token if unencrypted HTTP requests are made to the same domain.",
          "fixed_versions": [
            "1.0.0"
          ],
          "identifier": "CVE-2018-1340",
          "identifiers": [
            "CVE-2018-1340"
          ],
          "not_impacted": "All versions after 0.9.14",
          "package_slug": "maven/org.hammerlab.guacamole/guacamole",
          "pubdate": "2019-02-07",
          "solution": "Upgrade to version 1.0.0 or above.",
          "title": "Missing Encryption of Sensitive Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-1340"
          ],
          "uuid": "6373b928-1d6c-4afb-9c34-1093cba6ae9b"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.14",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2018-1340"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-311"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E"
            },
            {
              "name": "106768",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/106768"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2019-02-07T22:29Z"
    }
  }
}

GHSA-WR7R-VG3C-54R5

Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-11-03 18:46

Summary

Missing Encryption of Sensitive Data in Apache Guacamole

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.guacamole:guacamole-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1340"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-311"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-03T18:46:49Z",
    "nvd_published_at": "2019-02-07T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain.",
  "id": "GHSA-wr7r-vg3c-54r5",
  "modified": "2022-11-03T18:46:49Z",
  "published": "2022-05-13T01:49:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1340"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106768"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Missing Encryption of Sensitive Data in Apache Guacamole"
}

CNVD-2019-41285

Vulnerability from cnvd - Published: 2019-11-19

Title

Apache Guacamole信息泄露漏洞

Description

Apache Guacamole是美国阿帕奇（Apache）软件基金会的一款无客户端的远程桌面网关。该产品支持VNC、RDP和SSH等协议。 Apache Guacamole 0.9.4版本至0.9.14版本中存在安全漏洞，该漏洞源于程序未能使用‘secure’旗标（flag）来在客户端存储用户会话令牌。攻击者可利用该漏洞监听网络，拦截用户会话令牌。

Severity

中

Patch Name

Apache Guacamole信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://guacamole.apache.org/security/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-1340

Impacted products

Name
Apache Guacamole >=0.9.4，<=0.9.14

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1340",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1340"
    }
  },
  "description": "Apache Guacamole\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u65e0\u5ba2\u6237\u7aef\u7684\u8fdc\u7a0b\u684c\u9762\u7f51\u5173\u3002\u8be5\u4ea7\u54c1\u652f\u6301VNC\u3001RDP\u548cSSH\u7b49\u534f\u8bae\u3002\n\nApache Guacamole 0.9.4\u7248\u672c\u81f30.9.14\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u4f7f\u7528\u2018secure\u2019\u65d7\u6807\uff08flag\uff09\u6765\u5728\u5ba2\u6237\u7aef\u5b58\u50a8\u7528\u6237\u4f1a\u8bdd\u4ee4\u724c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u76d1\u542c\u7f51\u7edc\uff0c\u62e6\u622a\u7528\u6237\u4f1a\u8bdd\u4ee4\u724c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://guacamole.apache.org/security/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41285",
  "openTime": "2019-11-19",
  "patchDescription": "Apache Guacamole\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u65e0\u5ba2\u6237\u7aef\u7684\u8fdc\u7a0b\u684c\u9762\u7f51\u5173\u3002\u8be5\u4ea7\u54c1\u652f\u6301VNC\u3001RDP\u548cSSH\u7b49\u534f\u8bae\u3002\r\n\r\nApache Guacamole 0.9.4\u7248\u672c\u81f30.9.14\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u4f7f\u7528\u2018secure\u2019\u65d7\u6807\uff08flag\uff09\u6765\u5728\u5ba2\u6237\u7aef\u5b58\u50a8\u7528\u6237\u4f1a\u8bdd\u4ee4\u724c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u76d1\u542c\u7f51\u7edc\uff0c\u62e6\u622a\u7528\u6237\u4f1a\u8bdd\u4ee4\u724c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Guacamole\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Guacamole \u003e=0.9.4\uff0c\u003c=0.9.14"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-1340",
  "serverity": "\u4e2d",
  "submitTime": "2019-01-29",
  "title": "Apache Guacamole\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

VAR-201902-0547

Vulnerability from variot - Updated: 2023-12-18 13:02

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain. Apache Guacamole Contains an information disclosure vulnerability.Information may be obtained. Apache Guacamole is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Apache Guacamole 0.9.4 through 0.9.14 are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0547",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "guacamole",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.14"
      },
      {
        "model": "guacamole",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apache",
        "version": "1.0.0"
      },
      {
        "model": "guacamole",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.9.14"
      },
      {
        "model": "guacamole",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.9.4"
      },
      {
        "model": "guacamole",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001971"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1340"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.14",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1340"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ross Golder",
    "sources": [
      {
        "db": "BID",
        "id": "106768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-866"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2018-1340",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-1340",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-1340",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1340",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-866",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001971"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1340"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-866"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain. Apache Guacamole Contains an information disclosure vulnerability.Information may be obtained. Apache Guacamole is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. \nApache Guacamole 0.9.4 through 0.9.14 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1340"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001971"
      },
      {
        "db": "BID",
        "id": "106768"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1340",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "106768",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001971",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "43902",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-866",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001971"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1340"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-866"
      }
    ]
  },
  "id": "VAR-201902-0547",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30092594
  },
  "last_update_date": "2023-12-18T13:02:21.023000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[SECURITY] CVE-2018-1340: Secure flag missing from Apache Guacamole session cookie",
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3cannounce.guacamole.apache.org%3e"
      },
      {
        "title": "Apache Guacamole Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88940"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001971"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-866"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-311",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001971"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1340"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/106768"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1340"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3cannounce.guacamole.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1340"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3cannounce.guacamole.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/43902"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apache-guacamole-information-disclosure-via-insecure-cookie-28734"
      },
      {
        "trust": 0.3,
        "url": "https://seclists.org/oss-sec/2019/q1/90"
      },
      {
        "trust": 0.3,
        "url": "http://www.apache.org/"
      },
      {
        "trust": 0.3,
        "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201901.mbox/%3ccalkel-o+=rxbd0y+hsb9=y0n400a8sv2bikgzfnsjgxzipa-uq@mail.gmail.com%3e"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001971"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1340"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-866"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "106768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001971"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1340"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-866"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-23T00:00:00",
        "db": "BID",
        "id": "106768"
      },
      {
        "date": "2019-03-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001971"
      },
      {
        "date": "2019-02-07T22:29:00.287000",
        "db": "NVD",
        "id": "CVE-2018-1340"
      },
      {
        "date": "2019-01-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-866"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-23T00:00:00",
        "db": "BID",
        "id": "106768"
      },
      {
        "date": "2019-03-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001971"
      },
      {
        "date": "2023-11-07T02:55:59.530000",
        "db": "NVD",
        "id": "CVE-2018-1340"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-866"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-866"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Guacamole Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001971"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-866"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1340 (GCVE-0-2018-1340)

FKIE_CVE-2018-1340

GSD-2018-1340

GHSA-WR7R-VG3C-54R5

CNVD-2019-41285

VAR-201902-0547

Tags

Sightings

Nomenclature