Description
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.
Remediation
References
http://www.securityfocus.com/bid/106768
https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E
Related Vulnerabilities
CVE-2022-25892 Vulnerability in npm package hummus
CVE-2019-10356 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2022-25645 Vulnerability in npm package dset
CVE-2018-3725 Vulnerability in npm package hekto
CVE-2021-4133 Vulnerability in maven package org.keycloak:keycloak-services