Sécurité et conformité
DEVO-2023-0010
Résumé
Devolutions Server support ticket endpoints are affected by a security vulnerability.
Produits affectés
Devolutions Server 2023.1.5.0 and below
Journal des modifications
Initial publication - 2023-04-17 Fixed typo - 2023-04-24
Sévérité
Medium
Produit
Devolutions Server
Version corrigée
2023.1.6.0
Endpoint for diagnostic logs not limited to administrators
Description
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints.
Mesures correctives et solutions de contournement
Upgrade to Devolutions Server 2023.1.6.0 or higher
Sévérité
Medium 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Produits affectés
Devolutions Server 2023.1.5.0 and earlier.
CVE(s)
CVE-2023-2118
Crédits
Jico