Auth bypass in Devolutions Remote Desktop Manager

CVE-2024-11672

Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.

Vulnerability class: Broken Access Control

EPSS: 0.001 (28.5th percentile)

Affected products

Weakness classification (CWE)

References