Security & Compliance
DEVO-2023-0018
Zusammenfassung
Devolutions Server is affected by a security vulnerability.
Betroffene Produkte
Devolutions Server 2022.3.13.0 and earlier
Änderungsprotokoll
2023-10-16 - Initial publication
Schweregrad
Medium
Produkt
Devolutions Server
Behobene Version
2023.1
Issue in permission inheritance
Beschreibung
Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent.
Behebungen und Workarounds
Upgrade to Devolutions Server 2023.1 and higher
Schweregrad
Medium 6.8 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Betroffene Produkte
Devolutions Server 2022.3.13.0 and earlier
CVE(s)
CVE-2023-5575