Sécurité et conformité
DEVO-2023-0002
Résumé
Devolutions Server is affected by a security vulnerability.
Produits affectés
Devolutions Server 2022.3.1 up to 2022.3.9.
Journal des modifications
Update - Affected Products are more specific Initial publication - 2023-02-03
Sévérité
Medium
Produit
Devolutions Server
Version corrigée
2022.3.10
Improper access control vulnerability in Devolutions Server
Description
Improper access control in the entry retrieving (/api/connections/partial/entryId) feature in Devolutions Server allows an authenticated user to access unauthorized sensitive data.
Mesures correctives et solutions de contournement
Update to Devolutions Server 2022.3.10 or higher
Sévérité
Medium - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Produits affectés
Devolutions Server 2022.3.9 and earlier.
CVE(s)
CVE-2023-0661