Sécurité et conformité
DEVO-2024-0013
Résumé
Devolutions Server is affected by a vulnerability.
Produits affectés
Devolutions Server 2024.2.10.0 and earlier
Journal des modifications
2024-09-25 - Initial publication 2024-10-01 - Initial publication
Sévérité
Medium
Produit
Devolutions Server
Version corrigée
2024.2.12.0
Incorrect Authorization via PAM module
Description
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
Mesures correctives et solutions de contournement
Upgrade to Devolutions Server to 2024.3 and higher
Sévérité
Medium - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produits affectés
Devolutions Server 2024.2.10.0 and earlier
CVE(s)
CVE-2024-6512