Devolutions

Devolutions Server

69 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2025-5382

  • EPSS 0.05%
  • Veröffentlicht 05.06.2025 13:37:05
  • Zuletzt bearbeitet 02.07.2025 14:36:11

Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA.

5

CVE-2025-3768

  • EPSS 0.05%
  • Veröffentlicht 05.06.2025 13:36:41
  • Zuletzt bearbeitet 02.07.2025 13:06:47

Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.

8.8

CVE-2025-4433

  • EPSS 0.08%
  • Veröffentlicht 30.05.2025 12:16:03
  • Zuletzt bearbeitet 25.11.2025 18:15:52

Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to grou...

6.5

CVE-2025-4493

  • EPSS 0.06%
  • Veröffentlicht 28.05.2025 12:35:36
  • Zuletzt bearbeitet 25.06.2025 15:48:22

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions :  * Devolution...

4.3

CVE-2025-4316

  • EPSS 0.18%
  • Veröffentlicht 05.05.2025 14:00:50
  • Zuletzt bearbeitet 17.06.2025 14:13:42

Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions fro...

6.3

CVE-2025-3517

  • EPSS 0.22%
  • Veröffentlicht 01.05.2025 18:26:22
  • Zuletzt bearbeitet 17.06.2025 14:18:39

Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when u...

8.1

CVE-2025-2280

  • EPSS 0.1%
  • Veröffentlicht 13.03.2025 13:15:58
  • Zuletzt bearbeitet 28.03.2025 16:23:07

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature.

6.5

CVE-2025-2278

  • EPSS 0.1%
  • Veröffentlicht 13.03.2025 13:15:58
  • Zuletzt bearbeitet 28.03.2025 16:23:02

Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID.

7.5

CVE-2025-2277

  • EPSS 0.1%
  • Veröffentlicht 13.03.2025 13:15:58
  • Zuletzt bearbeitet 28.03.2025 16:22:58

Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking.

7.1

CVE-2025-2003

  • EPSS 0.12%
  • Veröffentlicht 05.03.2025 19:15:39
  • Zuletzt bearbeitet 28.03.2025 16:22:53

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission.