CVE-2023-2445

2023-05-0213:11:06

DEVOLUTIONS

www.cve.org

improper access control

subscriptions folder

devolutions server 2023.1.1

administrator privileges

user vaults

usage information

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

23.8%

JSON

Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Devolutions Server",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2023.1.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2023-0013/