An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-11-08T00:00:00
Updated: 2024-08-04T03:22:26.062Z
Reserved: 2021-10-07T00:00:00
Link: CVE-2021-42073
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-11-08T04:15:08.500
Modified: 2024-11-21T06:27:11.580
Link: CVE-2021-42073
Redhat
No data.