Vulnerability in Devolutions Server
CVE-2023-5358
Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.
EPSS: 0.005 (41.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Devolutions Server — versions 0
- Devolutions Devolutions_server
References
- security@devolutions.net (Vendor Advisory)
Frequently asked questions
- What is CVE-2023-5358?
- CVE-2023-5358 is a medium-severity vulnerability in Devolutions Server. CVSS score: 5.3/10. Published 2023-11-01.
- How severe is CVE-2023-5358?
- Medium severity. CVSS v3 base score is 5.3 out of 10.