CVE-2023-5240

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2023.2.8.0 and earlier

Description The issue is related to improper access control in PAM propagation scripts, allowing an attack with permission to manage these scripts to retrieve stored passwords via a GET request.

Recommendations For Devolutions Server versions 2023.2.8.0 and earlier, consider restricting access to PAM propagation scripts to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the permissions for managing PAM propagation scripts to only those necessary for operation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.