Authorization Bypass in Devolutions Remote Desktop Manager for Windows
CVE-2024-11672

Currently unrated

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 25 November 2024

What is CVE-2024-11672?

The Devolutions Remote Desktop Manager on Windows has a flaw in its add permission component that allows an authenticated user to bypass the 'Add' permission when using the import feature in the vault. This vulnerability opens the door for potential unauthorized access, enabling malicious users to manipulate permissions and access sensitive data without proper authorization.

References

https://devolutions.net/security/advisories/DEVO-2024-0016

Timeline

Vulnerability published
Nov 25, 2024