exploitDog

CVE-2024-4846

Опубликовано: 25 июн. 2024

Источник: nvd

CVSS3: 6.3

EPSS Низкий

Описание

Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab.

Ссылки

https://devolutions.net/security/advisories/DEVO-2024-0009
Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2024-0009
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*

Версия до 2024.1.15.0 (исключая)

EPSS

Процентиль: 26%

0.00092

Низкий

6.3 Medium

CVSS3

Дефекты

CWE-290

Связанные уязвимости

GHSA-rp3r-3vq4-29fg

CVSS3: 6.3

github

больше 1 года назад

Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab.

EPSS

Процентиль: 26%

0.00092

Низкий

6.3 Medium

CVSS3

Дефекты

CWE-290