Описание
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2023.1.3.0 (исключая)
cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00122
Низкий
4.9 Medium
CVSS3
Дефекты
NVD-CWE-Other
CWE-346
Связанные уязвимости
CVSS3: 4.9
github
почти 3 года назад
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.
EPSS
Процентиль: 32%
0.00122
Низкий
4.9 Medium
CVSS3
Дефекты
NVD-CWE-Other
CWE-346