CVE-2024-12148 | THREATINT

Description

Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints.

PUBLISHED Reserved 2024-12-04 | Published 2024-12-04 | Updated 2024-12-05 | Assigner DEVOLUTIONS

Problem types

CWE-863: Incorrect Authorization

Product status

Default status

unaffected

Any version

affected

References

devolutions.net/security/advisories/DEVO-2024-0017

cve.org (CVE-2024-12148)

nvd.nist.gov (CVE-2024-12148)

Download JSON