PAM JIT Elevation Vulnerability Allows Unauthorized Access
CVE-2024-2915

Currently unrated

Key Information:

Vendor: Devolutions
Status: Server
Vendor: CVE Published:; 26 March 2024

What is CVE-2024-2915?

Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request.

Affected Version(s)

Server 0 <= 2024.1.6

References

https://devolutions.net/security/advisories/DEVO-2024-0005

Timeline

Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Mar 26, 2024