Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-0952: DEVO-2023-0003

Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization.

CVE
#sql#vulnerability#auth

Security & Compliance Reporting a Security Issue Advisories

Affected Products

Devolutions Server 2022.3.12 and below.

Change Log

Initial publication - 2023-02-22

Product

Devolutions Server

Summary

Devolutions Server is affected by multiple security vulnerabilities.

SQL Injection in the documentation component

Description

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.

Remediation and Workarounds

Upgrade to Devolutions Server 2022.3.13 or higher

Severity

Critical - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 9.9

Affected Products

Devolutions Server 2022.3.12 and earlier.

Improper access control on endpoints in Devolutions Server

Description

Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.

Remediation and Workarounds

Upgrade to Devolutions Server to 2022.3.13 or higher.

Severity

High - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N 8.5

Affected Products

Devolutions Server 2022.3.12 and earlier

Improper access controls on entries in Devolutions Server

Description

Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data such as passwords without proper authorization.

Remediation and Workarounds

Upgrade Devolutions Server to 2022.3.13 and higher

Severity

Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 6.5

Affected Products

Devolutions Server 2022.3.12 and earlier

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905