Permission bypass when importing or synchronizing entries in User vault
in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.
References
Link | Resource |
---|---|
https://devolutions.net/security/advisories/DEVO-2023-0008 | Vendor Advisory |
Configurations
History
07 Nov 2023, 04:04
Type | Values Removed | Values Added |
---|---|---|
Summary | Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision. |
07 Apr 2023, 19:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 | |
CPE | cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:* | |
References | (MISC) https://devolutions.net/security/advisories/DEVO-2023-0008 - Vendor Advisory | |
First Time |
Devolutions
Devolutions devolutions Server |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
02 Apr 2023, 23:48
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-02 21:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-1603
Mitre link : CVE-2023-1603
CVE.ORG link : CVE-2023-1603
JSON object : View
Products Affected
devolutions
- devolutions_server
CWE
CWE-863
Incorrect Authorization