CVE-2021-42073 log

Source
Severity Low
Remote Yes
Type Information disclosure
Description
A security issue has been found in Barrier before version 2.4.0. Knowing a valid client name allows information leaks and server manipulation. By default, newly added clients in the barrier GUI application on the server side get assigned the name "Unnamed". When an attacker knows a valid client name then it can specify this name in its Hello message and will be able to enter a fully active session state. In this state the client can receive input device events from the server, claim the clipboard or even inject arbitrary new clipboard content on the server.
Group Package Affected Fixed Severity Status Ticket
AVG-2510 barrier 2.3.3-1 2.4.0-1 Low Fixed
References
https://www.openwall.com/lists/oss-security/2021/11/02/4
https://github.com/debauchee/barrier/pull/1346