Devolutions Server Improper Access Control Vulnerability in Temporary Access Request Endpoints

Vulnerability

Devolutions Server versions through 2024.3.13 contain an improper access control vulnerability in the temporary access request and checkout request endpoints. An authenticated user can retrieve information about these requests using a known request ID.

Impact

Exploitation of this vulnerability could lead to unauthorized access to information about temporary access requests and checkout requests, potentially allowing users to gain insights into request details that should be restricted.
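
The missing check described above, as an added illustration that is not Devolutions code: a request lookup that only requires authentication, next to one that also checks the caller against the request. The data model, the function names and the viewing policy (requester, approvers and administrators) are assumptions made for this example.

```python
from typing import NamedTuple

class User(NamedTuple):
    name: str
    is_admin: bool = False

class AccessRequest(NamedTuple):
    request_id: str
    requester: str
    approvers: frozenset

# Constructed sample data, not taken from any real system.
REQUESTS = {
    "req-1001": AccessRequest("req-1001", "alice", frozenset({"carol"})),
    "req-1002": AccessRequest("req-1002", "bob", frozenset({"carol"})),
}
USERS = [User("alice"), User("bob"), User("carol"), User("mallory"), User("root", True)]

class NotFound(Exception):
    """Raised for unknown IDs and, in the hardened handler, for denied ones."""

def get_request_vulnerable(user, request_id):
    # The caller is authenticated but never compared with the request itself.
    if request_id not in REQUESTS:
        raise NotFound(request_id)
    return REQUESTS[request_id]

def may_view(user, req):
    # Assumed policy: the requester, its approvers and administrators.
    return user.is_admin or user.name == req.requester or user.name in req.approvers

def get_request_hardened(user, request_id):
    req = REQUESTS.get(request_id)
    # Same error for "missing" and "not permitted", so probing cannot confirm an ID.
    if req is None or not may_view(user, req):
        raise NotFound(request_id)
    return req

def leaks(handler):
    """Return the (user, request_id) pairs the handler serves against the policy."""
    found = []
    for user in USERS:
        for rid, req in REQUESTS.items():
            try:
                handler(user, rid)
            except NotFound:
                continue
            if not may_view(user, req):
                found.append((user.name, rid))
    return found
```

Running `leaks()` over every user and request pair works as a regression test for this class of bug: it returns an empty list only when each lookup is authorized per object.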

Remediation

Users are advised to upgrade to Devolutions Server version 2024.3.14 or higher.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.