History: Dec 07, 2023 - 4:15 p.m.

CVE-2023-6588

2023-12-07 16:15:07
DEVOLUTIONS
web.nvd.nist.gov
Tags: cve, 2023, 6588, devolutions server, devolutions workspace, data source, security, vulnerability, access control, offline mode

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.4
Confidence: High

EPSS: 0.001
Percentile: 18.1%

Offline mode is always enabled, even if permission disallows it, in
Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and
earlier. This allows an attacker with access to the Workspace
application to access credentials when offline.

Affected configurations

Nvd

Node: devolutions workspace, Range: 2023.3.2.0-

Vendor: devolutions
Product: workspace
Version: *
CPE: cpe:2.3:a:devolutions:workspace:*:*:*:*:-:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Offline Mode",
      "Devolutions Server Data Source"
    ],
    "product": "Workspace",
    "vendor": "Devolutions",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  }
]
