Description


Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.

Related CPE's


Weaknesses



CWE-863


CWE-863

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-04-02T21:15:08.427

2 years ago

Last modified

2025-02-25T18:15:26.387

4 months ago