History: May 02, 2023 - 2:15 p.m.

CVE-2023-2445

2023-05-02 14:15:09
DEVOLUTIONS
web.nvd.nist.gov
25
cve-2023-2445
improper access control
subscriptions folder
devolutions server
security vulnerability
information security

CVSS3: 4.9

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score: 4.9
Confidence: High

EPSS: 0.001
Percentile: 23.8%

Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.

Affected configurations

Nvd

Node: devolutions devolutions_server, Range: <2023.1.3.0

Vendor | Product | Version | CPE
devolutions | devolutions_server | * | cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Devolutions Server",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2023.1.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
