Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://devolutions.net/security/advisories/DEVO-2024-0013 |
History
Tue, 01 Oct 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Devolutions
Devolutions devolutions Server |
|
CPEs | cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Devolutions
Devolutions devolutions Server |
|
Metrics |
cvssV3_1
|
Wed, 25 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 25 Sep 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism. | |
Weaknesses | CWE-863 | |
References |
|
MITRE
Status: PUBLISHED
Assigner: DEVOLUTIONS
Published: 2024-09-25T13:55:28.818Z
Updated: 2024-09-25T14:23:13.773Z
Reserved: 2024-07-04T13:18:53.683Z
Link: CVE-2024-6512
Vulnrichment
Updated: 2024-09-25T14:23:10.434Z
NVD
Status : Analyzed
Published: 2024-09-25T14:15:05.560
Modified: 2024-10-01T16:36:43.733
Link: CVE-2024-6512
Redhat
No data.