CVE-2021-42073 - log

CVE-2021-42073 edited at 02 Nov 2021 12:39:34
References
https://www.openwall.com/lists/oss-security/2021/11/02/4
- https://github.com/debauchee/barrier/pull/1351
+ https://github.com/debauchee/barrier/pull/1346
CVE-2021-42073 edited at 02 Nov 2021 12:38:12
References
https://www.openwall.com/lists/oss-security/2021/11/02/4
- https://github.com/debauchee/barrier/pull/1346
+ https://github.com/debauchee/barrier/pull/1351
CVE-2021-42073 edited at 02 Nov 2021 12:38:06
References
https://www.openwall.com/lists/oss-security/2021/11/02/4
https://github.com/debauchee/barrier/pull/1346
- https://github.com/debauchee/barrier/pull/1351
Notes
CVE-2021-42073 edited at 02 Nov 2021 12:37:51
References
https://www.openwall.com/lists/oss-security/2021/11/02/4
https://github.com/debauchee/barrier/pull/1346
+ https://github.com/debauchee/barrier/pull/1351
CVE-2021-42073 edited at 02 Nov 2021 12:35:44
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A security issue has been found in Barrier before version 2.4.0. Knowing a valid client name allows information leaks and server manipulation. By default, newly added clients in the barrier GUI application on the server side get assigned the name "Unnamed". When an attacker knows a valid client name then it can specify this name in its Hello message and will be able to enter a fully active session state. In this state the client can receive input device events from the server, claim the clipboard or even inject arbitrary new clipboard content on the server.
References
+ https://www.openwall.com/lists/oss-security/2021/11/02/4
+ https://github.com/debauchee/barrier/pull/1346
CVE-2021-42073 created at 02 Nov 2021 12:28:17