First published: Thu Mar 23 2023(Updated: )
Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.
Credit: security@devolutions.net
Affected Software | Affected Version | How to fix |
---|---|---|
Devolutions Devolutions Server | <2023.1.3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-1603 is a vulnerability that allows users with restricted rights to bypass entry permission via id collision when importing or synchronizing entries in the User vault in Devolutions Server 2022.3.13 and prior versions.
CVE-2023-1603 allows users with restricted rights to bypass entry permission in Devolutions Server when importing or synchronizing entries in the User vault.
The severity of CVE-2023-1603 is medium.
To fix CVE-2023-1603, users should update to Devolutions Server version 2023.1.3.0 or higher.
More information about CVE-2023-1603 can be found at the following link: [CVE-2023-1603](https://devolutions.net/security/advisories/DEVO-2023-0008).