{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2021-42073","title":"Title"},{"category":"description","text":"An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is \"Unnamed\" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2021-42073","url":"https://www.suse.com/security/cve/CVE-2021-42073"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"Advisory link for openSUSE-SU-2021:1498-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/74GXCIF4KQYNWDBG745K5PJQT5VK2BHK/"},{"category":"external","summary":"Advisory link for openSUSE-SU-2021:1595-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3HJIFZZMEQZI47KRZYVOPBZN725K3KS3/"}],"title":"SUSE CVE CVE-2021-42073","tracking":{"current_release_date":"2025-03-15T08:38:59Z","generator":{"date":"2023-02-15T03:37:20Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2021-42073","initial_release_date":"2023-02-15T03:37:20Z","revision_history":[{"date":"2023-02-15T03:37:20Z","number":"2","summary":"Current version"},{"date":"2025-01-01T04:10:32Z","number":"3","summary":"Current version"},{"date":"2025-02-15T04:45:19Z","number":"4","summary":"Current version"},{"date":"2025-02-17T05:07:53Z","number":"5","summary":"Current version"},{"date":"2025-03-15T08:38:59Z","number":"6","summary":"Current version"}],"status":"interim","version":"6"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Package Hub 15 SP3","product":{"name":"SUSE Package Hub 15 SP3","product_id":"SUSE Package Hub 15 SP3"}},{"category":"product_name","name":"openSUSE Leap 15.2","product":{"name":"openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.2"}}},{"category":"product_name","name":"openSUSE Leap 15.3","product":{"name":"openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.3"}}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"barrier-2.4.0-1.1","product":{"name":"barrier-2.4.0-1.1","product_id":"barrier-2.4.0-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/barrier@2.4.0-1.1"}}},{"category":"product_version","name":"barrier-2.4.0-bp153.2.3.1","product":{"name":"barrier-2.4.0-bp153.2.3.1","product_id":"barrier-2.4.0-bp153.2.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/barrier@2.4.0-bp153.2.3.1"}}},{"category":"product_version","name":"barrier-2.4.0-lp152.3.6.1","product":{"name":"barrier-2.4.0-lp152.3.6.1","product_id":"barrier-2.4.0-lp152.3.6.1","product_identification_helper":{"purl":"pkg:rpm/suse/barrier@2.4.0-lp152.3.6.1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"barrier-2.4.0-bp153.2.3.1 as component of SUSE Package Hub 15 SP3","product_id":"SUSE Package Hub 15 SP3:barrier-2.4.0-bp153.2.3.1"},"product_reference":"barrier-2.4.0-bp153.2.3.1","relates_to_product_reference":"SUSE Package Hub 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"barrier-2.4.0-lp152.3.6.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:barrier-2.4.0-lp152.3.6.1"},"product_reference":"barrier-2.4.0-lp152.3.6.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"barrier-2.4.0-bp153.2.3.1 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:barrier-2.4.0-bp153.2.3.1"},"product_reference":"barrier-2.4.0-bp153.2.3.1","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"barrier-2.4.0-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:barrier-2.4.0-1.1"},"product_reference":"barrier-2.4.0-1.1","relates_to_product_reference":"openSUSE Tumbleweed"}]},"vulnerabilities":[{"cve":"CVE-2021-42073","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-42073"}],"notes":[{"category":"general","text":"An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is \"Unnamed\" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 15 SP3:barrier-2.4.0-bp153.2.3.1","openSUSE Leap 15.2:barrier-2.4.0-lp152.3.6.1","openSUSE Leap 15.3:barrier-2.4.0-bp153.2.3.1","openSUSE Tumbleweed:barrier-2.4.0-1.1"]},"references":[{"category":"external","summary":"CVE-2021-42073","url":"https://www.suse.com/security/cve/CVE-2021-42073"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"Advisory link for openSUSE-SU-2021:1498-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/74GXCIF4KQYNWDBG745K5PJQT5VK2BHK/"},{"category":"external","summary":"Advisory link for openSUSE-SU-2021:1595-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3HJIFZZMEQZI47KRZYVOPBZN725K3KS3/"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 15 SP3:barrier-2.4.0-bp153.2.3.1","openSUSE Leap 15.2:barrier-2.4.0-lp152.3.6.1","openSUSE Leap 15.3:barrier-2.4.0-bp153.2.3.1","openSUSE Tumbleweed:barrier-2.4.0-1.1"]}],"threats":[{"category":"impact","date":"2021-08-11T08:03:50Z","details":"moderate"}],"title":"CVE-2021-42073"}]}