Sécurité et conformité
DEVO-2023-0017
Résumé
Devolutions Server is affected by a security vulnerability.
Produits affectés
Devolutions Server 2023.2.8.0 and earlier
Journal des modifications
2023-10-13 - Initial publication
Sévérité
Medium
Produit
Devolutions Server
Version corrigée
2023.2.9.0
Information leak in PAM propagation scripts
Description
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.
Mesures correctives et solutions de contournement
Upgrade to Devolutions Server 2023.2.9.0 or higher.
Sévérité
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 4.9 medium
Produits affectés
Devolutions Server 2023.2.8.0 and earlier
CVE(s)
CVE-2023-5240