CVE-2023-5358 — Vulnetix

CVE-2023-5358 PUBLISHED CVSS 5.300000190734863 MEDIUM

Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.

EPSS 0.21% · 43.0th percentile

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.21%

43.0th percentile

Affected Products

Vendor	Product	Versions
devolutions	devolutions_server	0, 0, 0
Devolutions	Devolutions Server	0, 0, 0

Exploit Intelligence

CIRCL seen: CVE-2023-5358 (circl-sighting)
https://devolutions.net/security/advisories/DEVO-2023-0019/ (circl)

Timeline

Nov 1, 2023 CVE Published
Nov 1, 2023 PoC Published
Nov 2, 2023 EPSS Score
Dec 3, 2023 EPSS Score
Jan 2, 2024 EPSS Score
Feb 2, 2024 EPSS Score
Mar 4, 2024 EPSS Score
Apr 3, 2024 EPSS Score
May 4, 2024 EPSS Score
Jun 4, 2024 EPSS Score
Jul 4, 2024 EPSS Score
Aug 4, 2024 EPSS Score

References

https://devolutions.net/security/advisories/DEVO-2023-0019/ url
https://nvd.nist.gov/vuln/detail/CVE-2023-5358 advisory
https://devolutions.net/security/advisories/DEVO-2023-0019 url

Open in Interactive Console →