You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2022/11/23 20:36:00 UTC

[jira] [Commented] (GUACAMOLE-1720) CVE-2022-25869

    [ https://issues.apache.org/jira/browse/GUACAMOLE-1720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17637951#comment-17637951 ] 

Mike Jumper commented on GUACAMOLE-1720:
----------------------------------------

We are aware of this, yes, and that issue does not affect Guacamole. There are no {{<textarea>}} fields in the application that can be affected by Internet Explorer's caching of values, as all such fields in Guacamole are dynamic to the extent that Internet Explorer is not capable of caching them.

If you have any further questions/comments on this (or any other issue with potential security implications), please use the private security@guacamole.apache.org mailing list instead of JIRA.

> CVE-2022-25869 
> ---------------
>
>                 Key: GUACAMOLE-1720
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1720
>             Project: Guacamole
>          Issue Type: Wish
>          Components: guacamole-client
>    Affects Versions: 1.4.0
>            Reporter: Andrew L Robie
>            Priority: Minor
>
> A CVE was discovered in Angular 1 interactions with IE's cache: [NVD - CVE-2022-25869 (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2022-25869]
> I was wondering if you guys were aware of this and were planning to do any remediation?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)