PT-2023-32069 · Devolutions · Devolutions Server

Published: 2023-11-01 · Updated: 2023-11-09 · CVE-2023-5358

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Devolutions Server versions 2023.2.10.0 and earlier

Description

The issue is related to improper access control in the Report log filters feature, allowing attackers to retrieve logs from vaults or entries they are not allowed to access. This can be achieved via the report request URL query parameters.

Recommendations

For Devolutions Server versions 2023.2.10.0 and earlier, consider restricting access to the Report log filters feature until a patch is available. As a temporary workaround, avoid using the report request URL query parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-5358

Affected Products

Devolutions Server