CVE-2023-6264

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 22, 2023

Updated: Dec 1, 2023

CWE ID 200

Summary

CVE-2023-6264 is a newly disclosed vulnerability affecting Devolutions Server 2023.3.7.0. An unauthenticated attacker can exploit an information leak in the Content-Security-Policy header, enabling them to retrieve a list of configured Devolutions Gateways endpoints. This vulnerability could potentially lead to further attacks, making it essential for users to apply the necessary patches as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Devolutions Server

Affected Vendors

Devolutions

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tha-oW
https://www.cve.org/CVERecord?id=CVE-2023-6264
https://nvd.nist.gov/vuln/detail/CVE-2023-6264

Back to Vulnerability Database