DEVO-2024-0013
Summary
Devolutions Server is affected by a vulnerability.
Affected Products
Devolutions Server 2024.2.10.0 and earlier
Changelog
2024-09-25 - Initial publication
2024-10-01 - Initial publication
Severity
Medium
Product
Devolutions Server
Fixed Version
2024.2.12.0
Incorrect Authorization via PAM module
Description
An authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions.
Remediation and Workarounds
Upgrade Devolutions Server to 2024.3 or higher
Severity
Medium - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products
Devolutions Server 2024.2.10.0 and earlier
CVE(s)
CVE-2024-6512