PAM JIT Elevation Feature Vulnerability
CVE-2024-2918

Currently unrated

Key Information:

Status
Vendor
CVE Published:
9 April 2024

What is CVE-2024-2918?

An improper input validation flaw in the PAM JIT (Just-In-Time) elevation feature of Devolutions Server versions 2024.1.6 and earlier allows a malicious actor with access to the PAM JIT elevation functionality to manipulate the group that is displayed in the checkout request. Exploiting this flaw can lead to unauthorized actions and potential compromise of sensitive permissions within the system. Organizations using affected versions of Devolutions Server should apply the necessary updates to mitigate this risk.

Affected Version(s)

Server 0 <= 2024.1.10.0

Timeline

  • Vulnerability published

  • Vulnerability Reserved
