CVE-2023-5575

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 16, 2023

Updated: Oct 20, 2023

Summary

CVE-2023-5575 is a vulnerability affecting Devolutions Server 2022.3.13.0 and earlier versions. This issue involves improper access control in permission inheritance, enabling an attacker who has gained access to a low-privileged user account to bypass restrictions and access specific entries. The vulnerability arises when certain combinations of permissions in the entry and its parent are present, allowing unauthorized access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Devolutions Server

Affected Vendors

Devolutions

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s_prNb
https://www.cve.org/CVERecord?id=CVE-2023-5575
https://nvd.nist.gov/vuln/detail/CVE-2023-5575

Back to Vulnerability Database