Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
devolutions

Server

15 Versions 18 CVEs

Versions

2024.3.7.0

OTHER 1 CVE

2024.1.8.0

OTHER 1 CVE

2023.1.8

SEMANTIC 1 CVE

0

SINGLE_NUMBER 18 CVEs

2024.1.11.0

OTHER 1 CVE

2024.1.10.0

OTHER 1 CVE

2024.3.6.0

OTHER 1 CVE

2024.1.14.0

OTHER 1 CVE

2024.1.6

SEMANTIC 2 CVEs

2022.3.13

SEMANTIC 1 CVE

2023.3.14.0

OTHER 4 CVEs

2023.2.8.0

OTHER 1 CVE

2022.3.13.0

OTHER 1 CVE

2023.3.7

SEMANTIC 1 CVE

2024.3.8.0

OTHER 1 CVE

Recent CVEs

CVE-2024-4846

Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab.

MEDIUM Jun 25, 2024

CVE-2024-1764

Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances

UNKNOWN Mar 05, 2024

CVE-2024-1898

Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator.

LOW Mar 05, 2024

CVE-2024-1900

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The user will stay authenticated until the Devolutions Server token expiration.

MEDIUM Mar 05, 2024

CVE-2024-1901

Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable.

MEDIUM Mar 05, 2024

CVE-2023-6264

Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.

UNKNOWN Nov 22, 2023

CVE-2023-5575

Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent.

UNKNOWN Oct 16, 2023

CVE-2023-5240

Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.

UNKNOWN Oct 13, 2023

CVE-2023-2400

Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.

UNKNOWN Jun 20, 2023

CVE-2023-1603

Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.

UNKNOWN Mar 23, 2023