Code Interoperability: The Hazards of Technological Variety
In April 2023, the Sonar Research team discovered two critical vulnerabilities (CVE-2023-30575 and CVE-2023-30576) in Apache Guacamole, a popular remote desktop gateway. These vulnerabilities allowed low-privileged users to gain remote code execution on the Guacamole server by attacking the external web interface. Attackers could leverage this access to spy on every connection, harvest sensitive credentials, and pivot to an organization's internal network. Thanks to our report, the Guacamole maintainers fixed the vulnerabilities in May 2023 with version 1.5.2, and there were no signs of in-the-wild exploitation.
Company: Sonar
Date published: May 7, 2024
Author(s): Stefan Schiller
Word count: 3428
Language: English
Hacker News points: None found.