CVE-2024-12196

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 4, 2024
CWE ID 863

Summary

CVE-2024-12196 is a new vulnerability affecting the permission component in Devolutions Server 2024.3.7.0 and earlier versions. This issue grants authenticated users unauthorized access to view the password history of an entry, even if they don't possess the required "view password" permission. This incorrect authorization can lead to unintended disclosure of sensitive information, potentially creating a security risk for organizations using the affected software. It is essential for organizations to update their Devolutions Server installation as soon as possible to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Devolutions Server

Affected Vendors

  • Devolutions