CVE-2024-6055
MEDIUMDevolutions Remote Desktop Manager < 2024.2.8.0 - Sensitive Information Exposure via Data Source Export
Title source: llmDescription
Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration file.
References (1)
Core 1
Core References
Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2024-0008
Scores
CVSS v3
4.7
EPSS
0.0050
EPSS Percentile
38.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-212
Status
published
Products (1)
devolutions/remote_desktop_manager
< 2024.2.8.0 (2 CPE variants)
Published
Jun 17, 2024
Tracked Since
Feb 18, 2026