Products
Devolutions Server
- 2024.2.10
- before 2024.2.10
Source
security@devolutions.net
Tags
CVE-2024-6512 details
Published : Sept. 25, 2024, 2:15 p.m.
Last Modified : Sept. 25, 2024, 2:15 p.m.
Last Modified : Sept. 25, 2024, 2:15 p.m.
Description
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-863 | Incorrect Authorization | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. |
References
| URL | Source |
|---|---|
| https://devolutions.net/security/advisories/DEVO-2024-0013 | security@devolutions.net |
This website uses the NVD API, but is not approved or certified by it.