exploitDog

CVE-2023-5240

Опубликовано: 13 окт. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.

Ссылки

https://devolutions.net/security/advisories/DEVO-2023-0017
Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2023-0017
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*

Версия до 2023.2.8.0 (включая)

EPSS

Процентиль: 40%

0.00177

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-284

Связанные уязвимости

GHSA-r45f-qh5g-8496

CVSS3: 7.5

github

больше 2 лет назад

Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.

EPSS

Процентиль: 40%

0.00177

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-284