CVE-2021-23923

An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.

CVE-2024-2915

Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request.

CVE-2022-33996

Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.

CVE-2025-2280

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature.

CVE-2023-0951

Improper access controls on some API endpoints in Devolutions Server 2022.3.12and earlier could allow a standard privileged user to perform privilegedactions.

CVE-2025-4433

Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges.

CVE-2023-0953

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.