Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.
References
Link | Resource |
---|---|
https://devolutions.net/security/advisories/DEVO-2023-0019/ | Vendor Advisory |
Configurations
History
09 Nov 2023, 17:40
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | (MISC) https://devolutions.net/security/advisories/DEVO-2023-0019/ - Vendor Advisory | |
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:* | |
First Time |
Devolutions devolutions Server
Devolutions |
01 Nov 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-01 18:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-5358
Mitre link : CVE-2023-5358
CVE.ORG link : CVE-2023-5358
JSON object : View
Products Affected
devolutions
- devolutions_server
CWE