Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue.
This issue affects the following versions :
- Devolutions Server 2025.1.3.0 through 2025.1.7.0
- Devolutions Server 2024.3.15.0 and earlier
Weakness
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Devolutions_server | Devolutions | * | 2024.3.15.0 (including) |
| Devolutions_server | Devolutions | 2025.1.3.0 (including) | 2025.1.7.0 (including) |