CVE-2023-6264

2023-11-2218:39:21

DEVOLUTIONS

www.cve.org

information leak

content-security-policy

devolutions server

unauthenticated access

gateway endpoints

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

JSON

Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Devolutions Gateway",
      "Content-Security-Policy"
    ],
    "product": "Server",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2023.3.7",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2023-0020/