Security & Compliance
Devolutions Server is affected by a security vulnerability.
Devolutions Server 2022.3.1 up to 2022.3.9.
Update - Affected Products are more specific Initial publication - 2023-02-03
Improper access control vulnerability in Devolutions Server
Improper access control in the entry retrieving (/api/connections/partial/entryId) feature in Devolutions Server allows an authenticated user to access unauthorized sensitive data.
Remediation and Workarounds
Update to Devolutions Server 2022.3.10 or higher
Medium - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Devolutions Server 2022.3.9 and earlier.