Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
History

Tue, 01 Oct 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Devolutions
Devolutions devolutions Server
CPEs cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*
Vendors & Products Devolutions
Devolutions devolutions Server
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


Wed, 25 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Sep 2024 14:00:00 +0000

Type Values Removed Values Added
Description Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
Weaknesses CWE-863
References

cve-icon MITRE

Status: PUBLISHED

Assigner: DEVOLUTIONS

Published: 2024-09-25T13:55:28.818Z

Updated: 2024-09-25T14:23:13.773Z

Reserved: 2024-07-04T13:18:53.683Z

Link: CVE-2024-6512

cve-icon Vulnrichment

Updated: 2024-09-25T14:23:10.434Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-25T14:15:05.560

Modified: 2024-10-01T16:36:43.733

Link: CVE-2024-6512

cve-icon Redhat

No data.