Описание
UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2025.2.5.0 (исключая)
cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.00059
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-446
Связанные уязвимости
CVSS3: 5.9
github
около 1 месяца назад
UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.
EPSS
Процентиль: 19%
0.00059
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-446