Security & Compliance
DEVO-2023-0013
Zusammenfassung
Devolutions Server subscription functionality is affected by a security vulnerability
Betroffene Produkte
Devolutions Server 2023.1.1.0 and below
Änderungsprotokoll
Initial publication - 2023-05-02
Schweregrad
Low
Produkt
Devolutions Server
Behobene Version
2023.1.3
Improper access control in Subscriptions Folder path filter
Beschreibung
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.
Behebungen und Workarounds
Upgrade to Devolutions Server to 2023.1.3 and higher
Schweregrad
Low - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Betroffene Produkte
Devolutions Server 2023.1.1 and earlier
CVE(s)
CVE-2023-2445