Описание
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2025.1.9.0 (исключая)
cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00064
Низкий
8.8 High
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.8
github
8 месяцев назад
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges.
EPSS
Процентиль: 20%
0.00064
Низкий
8.8 High
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo