Headline
CVE-2023-6588: Devolutions
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline.
DEVO-2023-0022****Summary
Devolutions Workspace is affected by a vulnerability.
Affected Products
Devolutions Workspace 2023.3.2.0 and earlier
Change Log
2023-12-07 - Initial publication
Severity
Low
Product
Devolutions Workspace
Fix Version
2023.3
Offline mode permission not enforced****Description
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline.
Remediation and Workarounds
Upgrade to Devolutions Workspace 2023.3.0 or higher.
Severity
2.3 Low - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Green
Affected Products
Devolutions Workspace 2023.3.2.0 and earlier
CVE(s)
CVE-2023-6588