Portal Portal Forum Forum Devolutions Force Devolutions Force Devolutions Hub Business Devolutions Hub Business Devolutions Hub Personal Devolutions Hub Personal Download RDM RDM Workspace Workspace Launcher Launcher

Security & Compliance

Security & Compliance Reporting a Security Issue Advisories

DEVO-2023-0020

Summary

Devolutions Server is affected by a security vulnerability.

Affected Products

Devolutions Server 2023.3.7.0 and earlier

Change Log

2023-11-22 - Initial Publication

Severity

Low

Product

Devolutions Server

Fix Version

Devolutions Server 2023.3.8.0

Information leak in Content-Security-Policy header

Description

Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.

Remediation and Workarounds

Upgrade to Devolutions Server 2023.3.8 or higher

Severity

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/U:Green 6.3 Medium

Affected Products

Devolutions Server 2023.3.7 and earlier

CVE(s)

CVE-2023-6264