History: Dec 07, 2023 - 4:15 p.m.

CVE-2023-6588

2023-12-07 16:15:07
web.nvd.nist.gov
cve
2023
6588
devolutions server
devolutions workspace
data source
security
vulnerability
access control
offline mode

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 18.3%)

Offline mode is always enabled, even if permission disallows it, in
Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and
earlier. This allows an attacker with access to the Workspace
application to access credentials when offline.

Affected configurations

NVD
Node: devolutions workspace, Range: 2023.3.2.0-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Offline Mode",
      "Devolutions Server Data Source"
    ],
    "product": "Workspace",
    "vendor": "Devolutions",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  }
]
