First published: Tue May 02 2023
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.
Credit: security@devolutions.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Devolutions Devolutions Server | <2023.1.3.0 | |
CVE-2023-2445 is a vulnerability that allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name in Devolutions Server 2023.1.1 and earlier.
CVE-2023-2445 has a severity level of medium with a CVSS score of 4.9.
Devolutions Server versions earlier than 2023.1.3.0 are affected by CVE-2023-2445.
An attacker with administrator privileges can exploit CVE-2023-2445 to retrieve usage information on folders in user vaults by using a specific folder name.
To fix CVE-2023-2445, users should upgrade to Devolutions Server version 2023.1.3.0 or later.