Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested.
History

Thu, 05 Dec 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Devolutions
Devolutions remote Desktop Manager
CPEs cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*
Vendors & Products Devolutions
Devolutions remote Desktop Manager
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 04 Dec 2024 17:30:00 +0000

Type Values Removed Values Added
Description Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested.
Weaknesses CWE-732
References

cve-icon MITRE

Status: PUBLISHED

Assigner: DEVOLUTIONS

Published: 2024-12-04T17:18:01.565Z

Updated: 2024-12-05T18:46:29.926Z

Reserved: 2024-12-04T13:27:48.580Z

Link: CVE-2024-12149

cve-icon Vulnrichment

Updated: 2024-12-05T18:46:22.340Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-12-04T18:15:12.350

Modified: 2024-12-05T19:15:07.627

Link: CVE-2024-12149

cve-icon Redhat

No data.