Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
References
Link | Resource |
---|---|
https://devolutions.net/security/advisories/DEVO-2024-0013 | Vendor Advisory |
Configurations
History
01 Oct 2024, 16:36
Type | Values Removed | Values Added |
---|---|---|
References | () https://devolutions.net/security/advisories/DEVO-2024-0013 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Devolutions
Devolutions devolutions Server |
|
CPE | cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:* |
26 Sep 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Sep 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-25 14:15
Updated : 2024-10-01 16:36
NVD link : CVE-2024-6512
Mitre link : CVE-2024-6512
CVE.ORG link : CVE-2024-6512
JSON object : View
Products Affected
devolutions
- devolutions_server
CWE
CWE-863
Incorrect Authorization