Security & Compliance
DEVO-2023-0010
Zusammenfassung
Devolutions Server support ticket endpoints are affected by a security vulnerability.
Betroffene Produkte
Devolutions Server 2023.1.5.0 and below
Änderungsprotokoll
Initial publication - 2023-04-17 Fixed typo - 2023-04-24
Schweregrad
Medium
Produkt
Devolutions Server
Behobene Version
2023.1.6.0
Endpoint for diagnostic logs not limited to administrators
Beschreibung
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints.
Behebungen und Workarounds
Upgrade to Devolutions Server 2023.1.6.0 or higher
Schweregrad
Medium 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Betroffene Produkte
Devolutions Server 2023.1.5.0 and earlier.
CVE(s)
CVE-2023-2118
Danksagungen
Jico