Permission bypass when importing or synchronizing entriesĀ in User vault
in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.
References
Link | Resource |
---|---|
https://devolutions.net/security/advisories/DEVO-2023-0008 | Vendor Advisory |
Configurations
History
07 Nov 2023, 04:04
Type | Values Removed | Values Added |
---|---|---|
Summary | Permission bypass when importing or synchronizing entriesĀ in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision. |
Information
Published : 2023-04-02 21:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-1603
Mitre link : CVE-2023-1603
CVE.ORG link : CVE-2023-1603
JSON object : View
Products Affected
devolutions
- devolutions_server
CWE
CWE-863
Incorrect Authorization