Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration file.
History

Wed, 30 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-212
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: DEVOLUTIONS

Published: 2024-06-17T12:55:28.759Z

Updated: 2024-10-30T19:14:03.801Z

Reserved: 2024-06-17T12:41:04.564Z

Link: CVE-2024-6055

cve-icon Vulnrichment

Updated: 2024-08-01T21:25:03.279Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-17T13:15:53.697

Modified: 2024-11-21T09:48:51.270

Link: CVE-2024-6055

cve-icon Redhat

No data.