Headline
CVE-2023-6264: Devolutions
Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.
DEVO-2023-0020****Summary
Devolutions Server is affected by a security vulnerability.
Affected Products
Devolutions Server 2023.3.7.0 and earlier
Change Log
2023-11-22 - Initial Publication
Severity
Low
Product
Devolutions Server
Fix Version
Devolutions Server 2023.3.8.0
Information leak in Content-Security-Policy header****Description
Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.
Remediation and Workarounds
Upgrade to Devolutions Server 2023.3.8 or higher
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/U:Green 6.3 Medium
Affected Products
Devolutions Server 2023.3.7 and earlier
CVE(s)
CVE-2023-6264