CVE-2024-12196
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-12196 is a new vulnerability affecting the permission component in Devolutions Server 2024.3.7.0 and earlier versions. This issue grants authenticated users unauthorized access to view the password history of an entry, even if they don't possess the required "view password" permission. This incorrect authorization can lead to unintended disclosure of sensitive information, potentially creating a security risk for organizations using the affected software. It is essential for organizations to update their Devolutions Server installation as soon as possible to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Devolutions Server
Affected Vendors
- Devolutions