Security and compliance
DEVO-2025-0013
Summary
Devolutions Server is affected by multiple vulnerabilities.
Affected products
Devolutions Server 2025.2.5.0 and earlier
Changelog
30/07/2025 - Initial publication
Severity
High
Product
Devolutions Server
Fixed version
2025.2.7.0
Deadlock in PAM automatic check-in feature in Devolutions Server
Description
A deadlock in the scheduling service behind the PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period.
Remediation and workarounds
Upgrade to Devolutions Server 2025.2.7.0 or higher
Severity
7.3 High - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H
Affected products
Devolutions Server 2025.2.5.0 and earlier
CVE(s)
CVE-2025-8312
UI Discrepancy when performing JIT group deletion
Description
UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.
Remediation and workarounds
Upgrade to Devolutions Server 2025.2.5.0 or higher
Severity
2.1 Low - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Devolutions Server 2025.2.4 and earlier
CVE(s)
CVE-2025-8353