Portal
Forum
Devolutions Force
Devolutions Hub Business
Devolutions Hub Personal
RDM
Web Login
Workspace
Launcher
Security & Compliance
DEVO-2023-0013
Summary
Devolutions Server subscription functionality is affected by a security vulnerability
Affected Products
Devolutions Server 2023.1.1.0 and below
Change Log
Initial publication - 2023-05-02
Severity
Low
Product
Devolutions Server
Fix Version
2023.1.3
Improper access control in Subscriptions Folder path filter
Description
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.
Remediation and Workarounds
Upgrade to Devolutions Server to 2023.1.3 and higher
Severity
Low - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Affected Products
Devolutions Server 2023.1.1 and earlier
CVE(s)
CVE-2023-2445