CVE-2021-42072 — Improper Authentication in Project Barrier

CWE-287 — Improper Authentication2 documents2 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 32.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Barrier Project Barrier Fedoraproject Fedora

Timeline

PublishedNov 8

Latest updateMay 24

Description

An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDbarrier_project/barrier< 2.4.0

Also affects: Fedora 34, 35

🔴Vulnerability Details

GHSA

GHSA-wvmp-5fvm-29ff: An issue was discovered in Barrier before 2↗2022-05-24

▶