PT-2023-17968 · Devolutions · Devolutions Server

Jico · Published 2023-04-21 · Updated 2023-04-29 · CVE-2023-2118

CVSS v3.1

5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Devolutions Server versions 2023.1.5.0 and below

Description

The issue is related to insufficient access control in the support ticket feature, allowing an authenticated attacker to send support tickets and download diagnostic files via specific endpoints.

Recommendations

For Devolutions Server versions 2023.1.5.0 and below, consider restricting access to the support ticket feature until a fix is available. As a temporary workaround, limit the ability to send support tickets and download diagnostic files to authorized personnel only. Avoid using the vulnerable support ticket feature in Devolutions Server until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-2118

Affected Products

Devolutions Server