Lucene search

[email protected]NVD:CVE-2023-1202

HistoryApr 02, 2023 - 9:15 p.m.

CVE-2023-1202

2023-04-0221:15:08

CWE-863

[email protected]

web.nvd.nist.gov

cve-2023-1202

devolutions remote desktop manager

permission bypass

user vault

entry permission

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

21.2%

JSON

Permission bypass when importing or synchronizing entries in User vault

in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.

Affected configurations

NVD

Node

devolutionsremote_desktop_managerRange<2023.1.10

References

devolutions.net/security/advisories/DEVO-2023-0008

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

21.2%

JSON

Related for NVD:CVE-2023-1202

prion1 cve1 cvelist1