Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://devolutions.net/security/advisories/DEVO-2024-0017 |
History
Thu, 05 Dec 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Devolutions
Devolutions remote Desktop Manager |
|
CPEs | cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:* | |
Vendors & Products |
Devolutions
Devolutions remote Desktop Manager |
|
Metrics |
cvssV3_1
|
Wed, 04 Dec 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested. | |
Weaknesses | CWE-732 | |
References |
|
MITRE
Status: PUBLISHED
Assigner: DEVOLUTIONS
Published: 2024-12-04T17:18:01.565Z
Updated: 2024-12-05T18:46:29.926Z
Reserved: 2024-12-04T13:27:48.580Z
Link: CVE-2024-12149
Vulnrichment
Updated: 2024-12-05T18:46:22.340Z
NVD
Status : Awaiting Analysis
Published: 2024-12-04T18:15:12.350
Modified: 2024-12-05T19:15:07.627
Link: CVE-2024-12149
Redhat
No data.