CVE-2024-1898

2024-03-0521:35:04

DEVOLUTIONS

www.cve.org

improper access control

devolutions server

notification settings

low privileged user

administrator configuration

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Server",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2023.3.14.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2024-0002