First published: Wed Nov 01 2023
Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request URL query parameters.
Credit: security@devolutions.net
Affected Software | Affected Version | How to fix |
---|---|---|
Devolutions Server | <2023.3.4.0 | |
CVE-2023-5358 is a vulnerability that allows attackers to retrieve logs from vaults in Devolutions Server that they are not allowed to access.
The severity of CVE-2023-5358 is medium, with a severity value of 5.3.
CVE-2023-5358 stems from improper access control in the Report log filters feature of Devolutions Server: through the report request URL query parameters, an attacker can retrieve logs from vaults or entries they are not authorized to access.
To fix CVE-2023-5358, upgrade to Devolutions Server version 2023.3.4.0 or later.
You can find more information about CVE-2023-5358 in the Devolutions Server security advisory: https://devolutions.net/security/advisories/DEVO-2023-0019/