CVE-2023-2400

2023-06-2016:19:50

DEVOLUTIONS

www.cve.org

improper deletion

user management

administrator access

vault security

database access

4.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "User Management"
    ],
    "product": "Server",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2023.1.8",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2023-0014