Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request.
History

Tue, 19 Nov 2024 22:15:00 +0000

Type: Metrics
Values Removed:
Values Added:
cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: DEVOLUTIONS

Published: 2024-05-17T15:18:15.722Z

Updated: 2024-11-19T22:10:34.141Z

Reserved: 2024-05-17T15:05:56.157Z

Link: CVE-2024-5072

Vulnrichment

Updated: 2024-08-01T21:03:10.490Z

NVD

Status: Awaiting Analysis

Published: 2024-05-17T16:15:08.300

Modified: 2024-11-21T09:46:54.310

Link: CVE-2024-5072

Redhat

No data.