Security & compliance
Upholding the highest standards to protect your data and ensure trust.
DEVO-2024-0013
Devolutions Server is affected by a vulnerability.
Affected Products
Change Log
2024-09-25 - Initial publication 2024-10-01 - Initial publication
Incorrect Authorization via PAM module
Medium - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
CVE(s)
CVE-2024-6512
Remediation and Workarounds
Upgrade to Devolutions Server to 2024.3 and higher