CVE-2021-42073

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-42073

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42073.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-42073

Related

Published

2021-11-08T04:15:08Z

Modified

2025-01-15T02:06:11.812554Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.

References

Affected packages

Git / github.com/debauchee/barrier

Affected ranges

Type: GIT
Repo: https://github.com/debauchee/barrier
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

229abab99f39f11624e5651f819e7f1f8eddedcc

Fixed

229abab99f39f11624e5651f819e7f1f8eddedcc

Fixed

b5adc93e2bd74cb094f91ff595c07f321a489f3e

Fixed

b5adc93e2bd74cb094f91ff595c07f321a489f3e

Affected versions

1.*

1.6.0

1.6.1

1.6.2

1.6.3-final

1.7.0

v1.*

v1.7.1-stable

v1.7.2-stable

v1.7.3-stable

v1.8.0-beta

v1.8.1-stable

v1.8.3-stable

v1.8.4-stable

v1.8.5-stable

v1.8.6-stable

v1.8.7-stable

v1.8.8-stable

v2.*

v2.0.0

v2.0.0-RC1

v2.0.0-RC2

v2.1.0

v2.1.1

v2.1.2

v2.3.0

v2.3.1

v2.3.2

v2.3.3