CVE-2023-5240

Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
devolutionsdevolutions_server
𝑥
≤ 2023.2.8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://devolutions.net/security/advisories/DEVO-2023-0017
https://devolutions.net/security/advisories/DEVO-2023-0017