Описание
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2024.3.0 (исключая)
cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00085
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863
CWE-863
Связанные уязвимости
CVSS3: 6.5
github
больше 1 года назад
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
EPSS
Процентиль: 25%
0.00085
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863
CWE-863