CVE-2023-1202 - OpenCVE

Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Devolutions	Remote Desktop Manager

Configuration 1 [-]

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*

References

Link	Resource
https://devolutions.net/security/advisories/DEVO-2023-0008	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: DEVOLUTIONS

Published: 2023-03-23T17:12:47.824Z

Updated: 2023-04-02T18:49:20.069507Z

Reserved: 2023-03-06T15:52:04.023Z

Link: CVE-2023-1202

JSON object: View

NVD Information

Status : Modified

Published: 2023-04-02T21:15:08.250

Modified: 2023-11-07T04:02:51.707

Link: CVE-2023-1202

JSON object: View

Redhat Information

No data.

CWE

CWE-863