Sécurité et conformité
DEVO-2024-0007
Résumé
Devolutions Server is affected by a vulnerability.
Produits affectés
Devolutions Server 2024.1.11.0 and earlier
Journal des modifications
17/5/2024 - Initial publication
Sévérité
Medium
Produit
Devolutions Server
Version corrigée
2024.1.12
Improper input validation in PAM JIT elevation feature allows LDAP injection
Description
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request.
Mesures correctives et solutions de contournement
Upgrade to Devolutions Server 2024.1.12.0 or higher
Sévérité
Medium 6.0 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
Produits affectés
Devolutions Server 2024.1.11.0 and earlier
CVE(s)
CVE-2024-5072