Sécurité et conformité
Nous respectons les normes les plus élevées pour protéger vos données et garantir la confiance.
DEVO-2025-0010
Devolutions Server is affected by a vulnerability.
Produits affectés
Journal des modifications
30/05/2025 - Initial publication
8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Improper access control in user group management
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges.
Produits affectés
CVE(s)
CVE-2025-4433
Mesures correctives et solutions de contournement
Upgrade to Devolutions Server 2025.1.9.0 or higher
Credits
Gino Boudreau (mononclemich)