PT-2021-17729 · Devolutions · Devolutions Server

Published

2021-04-14

Updated

2021-04-21

CVE-2021-28048

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions prior to 2021.1 Devolutions Server LTS versions prior to 2020.3.18

Description: The issue is related to an overly permissive CORS policy, which allows a remote attacker to leak cross-origin data. This can be achieved by using a crafted HTML page.

Recommendations: For Devolutions Server versions prior to 2021.1, update to version 2021.1 or later. For Devolutions Server LTS versions prior to 2020.3.18, update to version 2020.3.18 or later.

Fix

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

CVE-2021-28048

Affected Products

Devolutions Server

PT-2021-17729 · Devolutions · Devolutions Server

CVE-2021-28048

Weakness Enumeration

Related Identifiers

Affected Products

References · 3