Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://devolutions.net/security/advisories/DEVO-2023-0017 |
History
Wed, 18 Sep 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-284 | |
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: DEVOLUTIONS
Published: 2023-10-13T12:22:23.816Z
Updated: 2024-09-17T20:28:22.828Z
Reserved: 2023-09-27T18:43:43.331Z
Link: CVE-2023-5240
Vulnrichment
Updated: 2024-08-02T07:52:08.519Z
NVD
Status : Modified
Published: 2023-10-13T13:15:12.693
Modified: 2024-11-21T08:41:21.410
Link: CVE-2023-5240
Redhat
No data.