831 matches found
CVE-2024-1901
Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable...
Devolutions Server Security Vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.3.14.0 and prior versions, which stems from incorrect access control in the notification...
Devolutions Server Security Vulnerability
Devolutions Server is an application from Devolutions Canada. provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.3.14.0 and prior versions, which stems from incorrect session management in the identity...
Devolutions Server Security Vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.3.14.0 and prior versions, which originates from PAM password rotation during the sign-in...
Devolutions Server Security Vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.3.14.0 and prior versions, which stems from improper privilege management in the Just-in-ti...
CVE-2023-6588
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline...
CVE-2023-6588
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline...
CVE-2023-6588
CVE-2023-6588 affects Devolutions Workspace (versions 2023.3.2.0 and earlier) where offline mode is always enabled in the Devolutions Server data source. The underlying issue allows an attacker with access to the Workspace application to access credentials while offline. The NVD entry lists a CVS...
CVE-2023-6588
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline...
CVE-2023-6264
Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints...
CVE-2023-6264
Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints...
Information disclosure
Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints...
CVE-2023-6264
The CVE-2023-6264 case concerns Devolutions Server (version 2023.3.7.0). The issue is an information leak in the Content-Security-Policy header that allows an unauthenticated attacker to list configured Devolutions Gateways endpoints, i.e., information disclosure with network access (no authentic...
CVE-2023-6264
Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints...
Devolutions Server Information Disclosure Vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.3.7.0. An attacker could exploit the vulnerability to list configured Devolutions Gateway...
PT-2023-32581 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server version 2023.3.7.0 Description: The issue concerns an information leak in the Content-Security-Policy header, allowing an unauthenticated attacker to list the configured Devolutions Gateways endpoints. Recommendations: For...
CVE-2023-5358
Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters...
CVE-2023-5358
Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters...
Improper access control
Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters...
CVE-2023-5358
CVE-2023-5358 affects Devolutions Server (versions ≤ 2023.2.10.0). The issue is an improper access control in the Report log filters feature, which allows an attacker to retrieve logs from vaults or entries beyond their permissions via the report request URL query parameters. The public documenta...