First published: Fri Apr 21 2023(Updated: )
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints.
Credit: security@devolutions.net
Affected Software | Affected Version | How to fix |
---|---|---|
Devolutions Devolutions Server | <2023.1.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2023-2118.
The affected software is Devolutions Server 2023.1.5.0 and below.
The severity rating of this vulnerability is medium with a CVSS score of 5.4.
An authenticated attacker can send support tickets and download diagnostic files via specific endpoints.
Yes, a fix is available in Devolutions Server version 2023.1.6.0 and above.