Описание
Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2023.3.4.0 (исключая)
cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.0022
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 5.3
github
больше 2 лет назад
Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.
EPSS
Процентиль: 44%
0.0022
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-Other