CVE-2021-42073
Last modified
CVE-2021-42073 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. EPSS estimates a 1.41% chance of exploitation in the next 30 days.
Description
An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Barrier Project | Barrier | < 2.4.0 |
References
- http://www.openwall.com/lists/oss-security/2021/11/02/4Exploit, Mailing List, Third Party Advisory
- https://github.com/debauchee/barrier/releases/tag/v2.4.0Release Notes, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2021/11/02/4Exploit, Mailing List, Third Party Advisory
- https://github.com/debauchee/barrier/releases/tag/v2.4.0Release Notes, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-42073?
How severe is CVE-2021-42073?
How do I fix CVE-2021-42073?
Are you affected by CVE-2021-42073?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST