exploitDog

CVE-2023-6588

Опубликовано: 07 дек. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline.

Ссылки

https://devolutions.net/security/advisories/DEVO-2023-0022/
Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2023-0022/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:devolutions:workspace:*:*:*:*:-:*:*:*

Версия до 2023.3.2.0 (включая)

EPSS

Процентиль: 56%

0.00339

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-3mp7-3wf9-mp89

CVSS3: 6.5

github

около 2 лет назад

Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline.

EPSS

Процентиль: 56%

0.00339

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo