exploitDog

CVE-2023-1202

Опубликовано: 02 апр. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Permission bypass when importing or synchronizing entries in User vault

in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.

Ссылки

https://devolutions.net/security/advisories/DEVO-2023-0008
Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2023-0008
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*

Версия до 2023.1.10 (исключая)

EPSS

Процентиль: 11%

0.00038

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-863

CWE-863

Связанные уязвимости

GHSA-cwg2-4rcv-xcc4

CVSS3: 6.5

github

почти 3 года назад

Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.

EPSS

Процентиль: 11%

0.00038

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-863

CWE-863