CVE-2023-2400

LOW

Dovolations Server <2023.1.8 - Info Disclosure

Title source: llm

Description

Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.

References (1)

[Vendor Advisory] https://devolutions.net/security/advisories/DEVO-2023-0014

Scores

CVSS v3 2.7

EPSS 0.0013

EPSS Percentile 32.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-459

Status published

Products (1)

devolutions/devolutions_server < 2023.2.1

Published Jun 20, 2023

Tracked Since Feb 18, 2026