Improper Access Control in Devolutions Server by Devolutions
CVE-2023-0661

6.5MEDIUM

Key Information:

Vendor: Devolutions
Status: Devolutions Server
Vendor: CVE Published:; 12 February 2023

What is CVE-2023-0661?

An improper access control vulnerability in Devolutions Server permits an authenticated user to gain access to unauthorized sensitive information. This flaw can expose critical data, potentially leading to severe privacy issues and data breaches. Proper mitigation measures are essential to ensure that data remains protected and accessed only by authorized personnel.

Affected Version(s)

Devolutions Server 0 <= 2022.3.9

References

https://devolutions.net/security/advisories/DEVO-2023-0002

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2023
Vulnerability Reserved
Feb 3, 2023