DEVO-2023-0002
Summary
Devolutions Server is affected by a security vulnerability.
Affected Products
Devolutions Server 2022.3.1 up to 2022.3.9.
Change Log
Update - Affected Products are more specific
Initial publication - 2023-02-03
Severity
Medium
Product
Devolutions Server
Fix Version
2022.3.10
Improper access control vulnerability in Devolutions Server
Description
Improper access control in the entry retrieval feature (/api/connections/partial/entryId) in Devolutions Server allows an authenticated user to access sensitive data they are not authorized to view.
Remediation and Workarounds
Update to Devolutions Server 2022.3.10 or higher.
Severity
Medium - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
Devolutions Server 2022.3.9 and earlier.
CVE(s)
CVE-2023-0661