Security & Compliance
DEVO-2023-0005
Zusammenfassung
Devolutions Server secure messages feature is affected by a security vulnerability.
Betroffene Produkte
Devolutions Server 2022.3.12 and below
Änderungsprotokoll
Initial publication - 2023-03-06
Schweregrad
Medium
Produkt
Devolutions Server
Behobene Version
2022.3.13
Improper access control in the secure messages feature
Beschreibung
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.
Devolutions Server uses a secure CSPRNG to generate UUID which would, in theory, not allow an attacker to brute force or guess this ID. Therefore, the attacker must find another vulnerability to exploit this issue.
Behebungen und Workarounds
Upgrade to Devolutions Server 2022.3.13 and higher.
Schweregrad
Medium - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 5.3
Betroffene Produkte
Devolutions Server 2022.3.12 and below.
CVE(s)
CVE-2023-1201