CVE-2024-2918
LOWDescription
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request.
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| devolutions | devolutions_server |
References
Frequently Asked Questions
What is CVE-2024-2918? +
How severe is CVE-2024-2918? +
What products are affected by CVE-2024-2918? +
How do I check if I'm vulnerable to CVE-2024-2918? +
Related Vulnerabilities
Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to …
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has …
Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept …
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User …
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the …
Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by …