Lucene search

[email protected]CVE-2023-0661

HistoryFeb 12, 2023 - 4:15 a.m.

CVE-2023-0661

2023-02-1204:15:19

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2023-0661

devolutions server

access control

unauthorized access

sensitive data

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

27.3%

JSON

Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data.

CPENameOperatorVersion
devolutions:devolutions_serverdevolutions devolutions serverle2022.3.9
devolutions:devolutions_serverdevolutions devolutions servereq2022.3.8.0
devolutions:devolutions_serverdevolutions devolutions servereq2022.3.6.0
devolutions:devolutions_serverdevolutions devolutions servereq2022.3.7.0
devolutions:devolutions_serverdevolutions devolutions servereq2022.3.3.0
devolutions:devolutions_serverdevolutions devolutions servereq2022.3.5.0
devolutions:devolutions_serverdevolutions devolutions servereq2022.3.2
devolutions:devolutions_serverdevolutions devolutions servereq2022.3.4.0

CPE	Name	Operator	Version
devolutions:devolutions_server	devolutions devolutions server	le	2022.3.9
devolutions:devolutions_server	devolutions devolutions server	eq	2022.3.8.0
devolutions:devolutions_server	devolutions devolutions server	eq	2022.3.6.0
devolutions:devolutions_server	devolutions devolutions server	eq	2022.3.7.0
devolutions:devolutions_server	devolutions devolutions server	eq	2022.3.3.0
devolutions:devolutions_server	devolutions devolutions server	eq	2022.3.5.0
devolutions:devolutions_server	devolutions devolutions server	eq	2022.3.2
devolutions:devolutions_server	devolutions devolutions server	eq	2022.3.4.0

References

devolutions.net/security/advisories/DEVO-2023-0002

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

27.3%

JSON

Related for CVE-2023-0661

prion1 cvelist1