First published: Fri Oct 13 2023
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attacker with permission to manage PAM propagation scripts to retrieve passwords stored in them via a GET request.
Credit: security@devolutions.net
Affected Software | Affected Version | How to fix |
---|---|---|
Devolutions Devolutions Server | <=2023.2.8.0 | |
The vulnerability ID for this issue in Devolutions Server is CVE-2023-5240.
CVE-2023-5240 has a severity rating of 7.5 (high).
Devolutions Server 2023.2.8.0 and earlier versions are affected by this vulnerability.
An attacker with permission to manage PAM propagation scripts can retrieve the passwords stored in them via a GET request.
For information about the fix for CVE-2023-5240, please refer to the following advisory: https://devolutions.net/security/advisories/DEVO-2023-0017