Description


Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.

Related CPE's


Weaknesses



CWE-863


CWE-863

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-04-02T21:15:08.250

2 years ago

Last modified

2025-02-20T21:15:24.633

2 months ago