Sécurité et conformité
DEVO-2023-0020
Résumé
Devolutions Server is affected by a security vulnerability.
Produits affectés
Devolutions Server 2023.3.7.0 and earlier
Journal des modifications
2023-11-22 - Initial Publication
Sévérité
Low
Produit
Devolutions Server
Version corrigée
Devolutions Server 2023.3.8.0
Information leak in Content-Security-Policy header
Description
Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.
Mesures correctives et solutions de contournement
Upgrade to Devolutions Server 2023.3.8 or higher
Sévérité
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/U:Green 6.3 Medium
Produits affectés
Devolutions Server 2023.3.7 and earlier
CVE(s)
CVE-2023-6264