Devolutions: >> Devolutions Server >> 2023.1.0 Security Vulnerabilities
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.
CVSS Score
2.7
EPSS Score
0.001
Published
2023-06-20
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.
CVSS Score
4.9
EPSS Score
0.001
Published
2023-05-02
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-04-21
Permission bypass when importing or synchronizing entries in User vault
in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-04-02
Page 4