CVE-2023-5575

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2022.3.13.0 and earlier

Description The issue is related to improper access control in permission inheritance, allowing an attacker who has compromised a low-privileged user to access entries through a specific combination of permissions in the entry and its parent.

Recommendations For Devolutions Server versions 2022.3.13.0 and earlier, update to a version later than 2022.3.13.0 to resolve the issue. As a temporary workaround, consider restricting the use of permission inheritance in Devolutions Server until a patch is available. Restrict access to sensitive entries and their parents to minimize the risk of exploitation.