CVE-2023-2445

MEDIUM

Devolutions Server < 2023.1.3.0 - Origin Validation Error

Title source: rule

Description

Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.

References (1)

[Vendor Advisory] https://devolutions.net/security/advisories/DEVO-2023-0013/

Scores

CVSS v3 4.9

EPSS 0.0016

EPSS Percentile 37.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-346

Status published

Affected Products (1)

devolutions/devolutions_server < 2023.1.3.0

Timeline

Published May 02, 2023

Tracked Since Feb 18, 2026