CVE-2023-5240: Devolutions

Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attacker with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.

DEVO-2023-0017

Summary

Devolutions Server is affected by a security vulnerability.

Affected Products

Devolutions Server 2023.2.8.0 and earlier

Change Log

2023-10-13 - Initial publication

Severity

Medium

Product

Devolutions Server

Fix Version

2023.2.9.0

Information leak in PAM propagation scripts

Description

Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attacker with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.

Remediation and Workarounds

Upgrade to Devolutions Server 2023.2.9.0 or higher.

Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 4.9 medium

Affected Products

Devolutions Server 2023.2.8.0 and earlier

CVE(s)

CVE-2023-5240
