First published: Wed Nov 22 2023
Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.
Credit: security@devolutions.net
Affected Software | Affected Version | How to fix |
---|---|---|
Devolutions Devolutions Server | <2023.3.8.0 | |
CVE-2023-6264 is an information leak vulnerability in the Content-Security-Policy header in Devolutions Server 2023.3.7.0.
CVE-2023-6264 has a severity score of 5.3, which is considered medium.
CVE-2023-6264 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.
CVE-2023-6264 affects Devolutions Server from version 2023.3.7.0 up to, but not including, version 2023.3.8.0.
Please refer to the advisory at https://devolutions.net/security/advisories/DEVO-2023-0020/ for information on how to fix CVE-2023-6264.
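
To audit what a Content-Security-Policy header names in a response served before authentication, the following added example (not code from Devolutions or the advisory) parses a header value and reports every host other than the serving host. The header, the host names and the use of `connect-src` are constructed assumptions; the page does not say which directive carried the gateway endpoints.

```python
from urllib.parse import urlsplit

# Constructed sample header; hosts and directive choice are assumptions.
SAMPLE_CSP = (
    "default-src 'self'; script-src 'self' 'nonce-abc123'; "
    "img-src 'self' data: https://dvls.corp.example; "
    "connect-src 'self' wss://gw1.corp.example:7171 https://gw2.corp.example; "
    "frame-ancestors 'none'"
)

def parse_csp(header_value):
    """Return {directive: [source, ...]} for one CSP header value."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # A repeated directive is ignored by browsers, so keep the first one.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def host_of(source):
    """Host named by a host-source, or None for keywords, '*' and bare schemes."""
    if source.startswith("'") or source == "*":
        return None  # 'self', 'none', 'nonce-...', 'sha256-...'
    if source.endswith(":") and "/" not in source:
        return None  # scheme-source such as data: or https:
    # A host-source may omit the scheme; prefix "//" so it parses as a netloc.
    return urlsplit(source if "://" in source else "//" + source).hostname

def disclosed_hosts(header_value, serving_host):
    """Map each directive to the hosts it names other than the serving host."""
    own = serving_host.lower()
    findings = {}
    for directive, sources in parse_csp(header_value).items():
        hosts = sorted({h for h in map(host_of, sources) if h and h != own})
        if hosts:
            findings[directive] = hosts
    return findings

if __name__ == "__main__":
    for directive, hosts in disclosed_hosts(SAMPLE_CSP, "dvls.corp.example").items():
        print(f"{directive}: {', '.join(hosts)}")
```

Run it against the header value captured from your own server's login page, before and after upgrading, to confirm that internal endpoints no longer appear.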