CVE-2021-42072 log
| Source |
|
| Severity | Low |
| Remote | Yes |
| Type | Insufficient validation |
| Description | A security issue has been found in Barrier before version 2.4.0. Contrary to the client side, the server does not verify client connections in any way. Since the server is taking over control of the client this may seem enough at first glance. However it means that the SSL connection does not add any authenticity or authentication for the server side. The server process thus provides attack surface to any member of the attached network. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2510 | barrier | 2.3.3-1 | 2.4.0-1 | Low | Fixed |
| References |
|---|
https://www.openwall.com/lists/oss-security/2021/11/02/4 https://github.com/debauchee/barrier/pull/1346 |