Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username.
References
Link | Resource |
---|---|
https://devolutions.net/security/advisories/DEVO-2025-0006/ | Vendor Advisory |
Configurations
History
17 Jun 2025, 14:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:* | |
References | () https://devolutions.net/security/advisories/DEVO-2025-0006/ - Vendor Advisory | |
First Time |
Devolutions
Devolutions devolutions Server |
02 May 2025, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
Summary | (en) Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username. | |
CWE | CWE-266 |
01 May 2025, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-01 19:15
Updated : 2025-06-17 14:18
NVD link : CVE-2025-3517
Mitre link : CVE-2025-3517
CVE.ORG link : CVE-2025-3517
JSON object : View
Products Affected
devolutions
- devolutions_server
CWE
CWE-266
Incorrect Privilege Assignment