Improper Access Control in Devolutions Server Affects Sensitive Log Retrieval
CVE-2023-5358

5.3MEDIUM

Key Information:

Vendor: Devolutions
Status: Devolutions Server
Vendor: CVE Published:; 1 November 2023

🔔 Create Devolutions Vulnerability Alert

What is CVE-2023-5358?

The vulnerability in Devolutions Server involves improper access control within the report log filters feature, which enables unauthorized users to exploit the system. Attackers can manipulate report request URL query parameters to retrieve sensitive logs from vaults or entries that they should not have access to. This poses a significant risk to the confidentiality of the logged information, allowing potential exposure of sensitive data.

Affected Version(s)

Devolutions Server Windows 0 <= 2023.2.10.0

References

https://devolutions.net/security/advisories/DEVO-2023-0019/

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 1, 2023
Vulnerability Reserved
Oct 3, 2023