CVE-2024-6512

Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*

History

01 Oct 2024, 16:36

Type Values Removed Values Added
References () https://devolutions.net/security/advisories/DEVO-2024-0013 - () https://devolutions.net/security/advisories/DEVO-2024-0013 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
First Time Devolutions
Devolutions devolutions Server
CPE cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) La omisión de autorización en el mecanismo de aprobación de solicitud de acceso PAM en Devolutions Server 2024.2.10 y versiones anteriores permite a los usuarios autenticados con permisos aprobar sus propias solicitudes, omitiendo las restricciones de seguridad previstas, a través del mecanismo de aprobación de solicitud de acceso PAM.

25 Sep 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 14:15

Updated : 2024-10-01 16:36


NVD link : CVE-2024-6512

Mitre link : CVE-2024-6512

CVE.ORG link : CVE-2024-6512


JSON object : View

Products Affected

devolutions

  • devolutions_server
CWE
CWE-863

Incorrect Authorization