/plushcap/analysis/sonar/avocado-nightmare-1

Code Interoperability: The Hazards of Technological Variety

What's this blog post about?

In April 2023, the Sonar Research team discovered two critical vulnerabilities (CVE-2023-30575 and CVE-2023-30576) in Apache Guacamole, a popular remote desktop gateway. These vulnerabilities allowed low-privileged users to gain remote code execution on the Guacamole server by attacking the external web interface. Attackers could leverage this access to spy on every connection, harvest sensitive credentials, and pivot to an organization's internal network. Thanks to our report, the Guacamole maintainers fixed the vulnerabilities in May 2023 with version 1.5.2, and there were no signs of in-the-wild exploitation.

Company
Sonar

Date published
May 7, 2024

Author(s)
Stefan Schiller

Word count
3428

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.