CVE-2024-12196

Published Dec 4, 2024

Last updated 3 months ago

CVSS medium 6.5

Overview

Description
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.
Source
security@devolutions.net
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

security@devolutions.net
CWE-863

Social media

Hype score
Not currently trending

  1. CVE-2024-12196 Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry… https://t.co/LzXkzJVcE8

    @CVEnew

    4 Dec 2024

    438 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References