cvedb.io
CVE-2018-1340
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2019-02-07T22:29:00.287 · Last modified 2026-06-17T01:51:03.597

Summary

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.

Affected products

apache — guacamole

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.