Описание
Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2026.1.12.0 (исключая)
cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 11%
0.00036
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 5.4
github
7 дней назад
Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow.
EPSS
Процентиль: 11%
0.00036
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-287