Security & Compliance
DEVO-2023-0022
Zusammenfassung
Devolutions Workspace is affected by a vulnerability.
Betroffene Produkte
Devolutions Workspace 2023.3.2.0 and earlier
Änderungsprotokoll
2023-12-07 - Initial publication
Schweregrad
Low
Produkt
Devolutions Workspace
Behobene Version
2023.3
Offline mode permission not enforced
Beschreibung
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline.
Behebungen und Workarounds
Upgrade to Devolutions Workspace 2023.3.0 or higher.
Schweregrad
2.3 Low - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Green
Betroffene Produkte
Devolutions Workspace 2023.3.2.0 and earlier
CVE(s)
CVE-2023-6588