CVE-2023-1201

2023-03-0617:15:00

DEVOLUTIONS

www.cve.org

cve-2023-1201

security

access control

devolutions server

authenticated attacker

message uuid

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.6%

JSON

Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Devolutions Server",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2022.3.12",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2023-0005