Security & Compliance
Devolutions Server secure messages feature is affected by a security vulnerability.
Devolutions Server 2022.3.12 and below
Initial publication - 2023-03-06
Improper access control in the secure messages feature
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.
Devolutions Server uses a secure CSPRNG to generate UUID which would, in theory, not allow an attacker to brute force or guess this ID. Therefore, the attacker must find another vulnerability to exploit this issue.
Remediation and Workarounds
Upgrade to Devolutions Server 2022.3.13 and higher.
Medium - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 5.3
Devolutions Server 2022.3.12 and below.