Sécurité et conformité
DEVO-2023-0018
Résumé
Devolutions Server is affected by a security vulnerability.
Produits affectés
Devolutions Server 2022.3.13.0 and earlier
Journal des modifications
2023-10-16 - Initial publication
Sévérité
Medium
Produit
Devolutions Server
Version corrigée
2023.1
Issue in permission inheritance
Description
Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent.
Mesures correctives et solutions de contournement
Upgrade to Devolutions Server 2023.1 and higher
Sévérité
Medium 6.8 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Produits affectés
Devolutions Server 2022.3.13.0 and earlier
CVE(s)
CVE-2023-5575