Security & Compliance
DEVO-2023-0017
Summary
Devolutions Server is affected by a security vulnerability.
Affected products
Devolutions Server 2023.2.8.0 and earlier
Changelog
2023-10-13 - Initial publication
Severity
Medium
Product
Devolutions Server
Fixed version
2023.2.9.0
Information leak in PAM propagation scripts
Description
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attacker with permission to manage PAM propagation scripts to retrieve passwords stored in them via a GET request.
Remediation and workarounds
Upgrade to Devolutions Server 2023.2.9.0 or higher.
Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 4.9 medium
Affected products
Devolutions Server 2023.2.8.0 and earlier
CVE(s)
CVE-2023-5240