Security & Compliance
DEVO-2023-0010
Summary
Devolutions Server support ticket endpoints are affected by a security vulnerability.
Affected Products
Devolutions Server 2023.1.5.0 and below
Change Log
Initial publication - 2023-04-17 Fixed typo - 2023-04-24
Severity
Medium
Product
Devolutions Server
Fix Version
2023.1.6.0
Endpoint for diagnostic logs not limited to administrators
Description
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints.
Remediation and Workarounds
Upgrade to Devolutions Server 2023.1.6.0 or higher
Severity
Medium 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
Devolutions Server 2023.1.5.0 and earlier.
CVE(s)
CVE-2023-2118