First published: Wed Feb 22 2023(Updated: )
Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.
Credit: security@devolutions.net
Affected Software | Affected Version | How to fix |
---|---|---|
Devolutions Devolutions Server | <=2022.3.12 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-0951 is a vulnerability in Devolutions Server 2022.3.12 and earlier that allows a standard privileged user to perform privileged actions due to improper access controls on some API endpoints.
CVE-2023-0951 has a severity rating of 8.8 (high).
CVE-2023-0951 affects Devolutions Server versions up to and including 2022.3.12.
To fix CVE-2023-0951, it is recommended to update to a version of Devolutions Server that is not affected by this vulnerability.
More information about CVE-2023-0951 can be found at the following link: https://devolutions.net/security/advisories/DEVO-2023-0003.