Security & Compliance
Devolutions Server support ticket endpoints are affected by a security vulnerability.
Devolutions Server 2023.1.5.0 and below
Initial publication - 2023-04-17 Fixed typo - 2023-04-24
Endpoint for diagnostic logs not limited to administrators
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints.
Remediation and Workarounds
Upgrade to Devolutions Server 2023.1.6.0 or higher
Medium 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Devolutions Server 2023.1.5.0 and earlier.