Sécurité et conformité
DEVO-2023-0013
Résumé
Devolutions Server subscription functionality is affected by a security vulnerability
Produits affectés
Devolutions Server 2023.1.1.0 and below
Journal des modifications
Initial publication - 2023-05-02
Sévérité
Low
Produit
Devolutions Server
Version corrigée
2023.1.3
Improper access control in Subscriptions Folder path filter
Description
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.
Mesures correctives et solutions de contournement
Upgrade to Devolutions Server to 2023.1.3 and higher
Sévérité
Low - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Produits affectés
Devolutions Server 2023.1.1 and earlier
CVE(s)
CVE-2023-2445