An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/11/02/4 | Exploit Mailing List Third Party Advisory |
https://github.com/debauchee/barrier/releases/tag/v2.4.0 | Release Notes Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIEVNCFEFO7L3NTM4VUZB3WKYYCBTFCI/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMU3STOKHPEZSC54MZ42YBFFC2R3BU2Q/ |
Configurations
History
07 Nov 2023, 03:39
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
15 May 2022, 13:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMU3STOKHPEZSC54MZ42YBFFC2R3BU2Q/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIEVNCFEFO7L3NTM4VUZB3WKYYCBTFCI/ - Mailing List, Third Party Advisory |
03 Mar 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Nov 2021, 21:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:barrier_project:barrier:*:*:*:*:*:*:*:* | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/11/02/4 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/debauchee/barrier/releases/tag/v2.4.0 - Release Notes, Third Party Advisory | |
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
08 Nov 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-08 04:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-42072
Mitre link : CVE-2021-42072
CVE.ORG link : CVE-2021-42072
JSON object : View
Products Affected
barrier_project
- barrier
fedoraproject
- fedora
CWE
CWE-287
Improper Authentication