Description
Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.
References
https://devolutions.net/security/advisories/DEVO-2023-0008
Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2023-0008
Vendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2023-04-02T21:15:08.427
2 years agoLast modified
2025-02-25T18:15:26.387
4 months ago