CVE ID | Published | Description | Score | Severity |
---|---|---|---|---|
Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA. | 6.8 |
Medium |
||
Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable. | 5 |
Medium |
||
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges. | 8.8 |
High |
||
Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions : * Devolutions Server 2025.1.3.0 through 2025.1.7.0 * Devolutions Server 2024.3.15.0 and earlier | 6.5 |
Medium |