Security & Compliance
DEVO-2025-0006
Summary
Devolutions Server is affected by a security vulnerability.
Affected products
Devolutions Server 2025.1.5.0 and earlier
Changelog
2025-05-01 - Initial publication
Severity
Medium
Product
Devolutions Server
Fixed version
2025.1.6.0
Incorrect privilege assignment in PAM JIT elevation feature
Description
Incorrect privilege assignment in the PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a user that was previously configured in a PAM JIT account, because the internal account’s SID is not updated when the username is updated.
Remediations and workarounds
Upgrade to Devolutions Server 2025.1.6.0 or higher
Severity
6.9 Medium - CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N
CVE(s)
CVE-2025-3517