CVE Vulnerability

CVE-2021-42073

An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.

5.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

8.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/debauchee/barrier/releases/tag/v2.4.0 Release Notes Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/11/02/4 Exploit Mailing List
Configurations

Configuration 1

cpe:2.3:a:barrier_project:barrier:*:*:*:*:*:*:*:*
Information

Published : 2021-11-08 04:15

Updated : 2021-11-09 09:55

NVD link : CVE-2021-42073

Mitre link : CVE-2021-42073

Products Affected
No products.
CWE
CWE-384

Session Fixation