PT-2023-16816 · Devolutions · Devolutions Server
Published: 2023-03-06 · Updated: 2023-03-15 · CVE-2023-1201
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Devolutions Server versions 2022.3.12 and below
Description
Improper access control in the secure messages feature allows an authenticated attacker who has a message's UUID to access the data the message contains.
Recommendations
For Devolutions Server versions 2022.3.12 and below, consider restricting access to the secure messages feature until a fix is available. As a temporary workaround, limit the exposure of message UUIDs to minimize the risk of unauthorized access.
Fix
Related Identifiers
Affected Products
Devolutions Server