DEVO-2024-0007
Summary
Devolutions Server is affected by a vulnerability.
Affected products
Devolutions Server 2024.1.11.0 and earlier
Change log
17/5/2024 - Initial publication
Severity
Medium
Product
Devolutions Server
Fixed version
2024.1.12
Improper input validation in PAM JIT elevation feature allows LDAP injection
Description
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request.
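As an added illustration (not Devolutions code and not part of the original advisory), the Python sketch below shows the general class of flaw described here: a request value concatenated into an LDAP filter, beside a builder that validates the value and escapes it per RFC 4515. The filter shape, the attribute names, the allow-list and the crafted input are assumptions constructed for the example.

```python
import re

# RFC 4515 section 3: these characters must be written as \XX in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Hypothetical allow-list for account names; adapt to the directory's naming rules.
_ACCOUNT_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

# Assumed filter shape; the product's real query is not published in the advisory.
_TEMPLATE = "(&(objectClass=user)(sAMAccountName={}))"


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(account: str) -> str:
    """The 'before' form: the request value is concatenated as-is."""
    return _TEMPLATE.format(account)


def build_filter_safe(account: str) -> str:
    """Reject values outside the allow-list, then escape as defence in depth."""
    if not _ACCOUNT_RE.fullmatch(account):
        raise ValueError("account name contains characters outside the allow-list")
    return _TEMPLATE.format(escape_filter_value(account))


def component_count(ldap_filter: str) -> int:
    """Number of '(' the server will parse as filter components."""
    return ldap_filter.count("(")


# Constructed input: closes the intended clause and appends another one.
CRAFTED = "jdoe)(objectClass=*"

if __name__ == "__main__":
    print("benign :", build_filter_unsafe("jdoe"))
    print("unsafe :", build_filter_unsafe(CRAFTED))   # gains an extra component
    print("escaped:", _TEMPLATE.format(escape_filter_value(CRAFTED)))
    try:
        build_filter_safe(CRAFTED)
    except ValueError as exc:
        print("safe   : rejected,", exc)
```
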
Fixes and workarounds
Upgrade to Devolutions Server 2024.1.12.0 or higher
Severity
Medium 6.0 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
Affected products
Devolutions Server 2024.1.11.0 and earlier
CVE(s)
CVE-2024-5072