CVE-2023-1603

2023-03-2317:13:31

DEVOLUTIONS

www.cve.org

cve-2023-1603

importing entries

synchronizing entries

devolutions server 2022.3.13

restricted rights

entry permission

id collision

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

21.0%

JSON

Permission bypass when importing or synchronizing entries in User vault

in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Server",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2022.3.13",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2023-0008