Описание
Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2025.1.6.0 (исключая)
cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00071
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-266
Связанные уязвимости
CVSS3: 6.3
github
9 месяцев назад
Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username.
EPSS
Процентиль: 22%
0.00071
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-266