Sécurité et conformité
DEVO-2023-0005
Résumé
Devolutions Server secure messages feature is affected by a security vulnerability.
Produits affectés
Devolutions Server 2022.3.12 and below
Journal des modifications
Initial publication - 2023-03-06
Sévérité
Medium
Produit
Devolutions Server
Version corrigée
2022.3.13
Improper access control in the secure messages feature
Description
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.
Devolutions Server uses a secure CSPRNG to generate UUID which would, in theory, not allow an attacker to brute force or guess this ID. Therefore, the attacker must find another vulnerability to exploit this issue.
Mesures correctives et solutions de contournement
Upgrade to Devolutions Server 2022.3.13 and higher.
Sévérité
Medium - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 5.3
Produits affectés
Devolutions Server 2022.3.12 and below.
CVE(s)
CVE-2023-1201