Lucene search

[email protected]CVE-2023-6264

HistoryNov 22, 2023 - 7:15 p.m.

CVE-2023-6264

2023-11-2219:15:09

CWE-200

[email protected]

web.nvd.nist.gov

cve-2023

information leak

content-security-policy

devolutions server

devolutions gateways

endpoint listing

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

JSON

Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.

Affected configurations

NVD

Node

devolutionsdevolutions_serverRange<2023.3.8.0

CPENameOperatorVersion
devolutions:devolutions_serverdevolutions devolutions serverlt2023.3.8.0

CPE	Name	Operator	Version
devolutions:devolutions_server	devolutions devolutions server	lt	2023.3.8.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Devolutions Gateway",
      "Content-Security-Policy"
    ],
    "product": "Server",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2023.3.7",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2023-0020/

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

JSON

Related for CVE-2023-6264

prion1 nvd1 cvelist1