CVE-2024-10971 - AskarLabs CVE Database

CVE-2024-10971

Vendor Devolutions

Product DVLS (Devolutions Server)

Weakness CWE-200 · Info exposure

Published November 12, 2024

Last update November 20, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.

Key dates

02Disclosure timeline

November 12, 2024 CVE published

November 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-10971 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2024-41108 FOG Sensitive Information Disclosure CVE-2023-37868 WordPress Premium Addons PRO Plugin <= 2.9.0 is vulnerable to Sensitive Data Exposure CVE-2025-53887 Directus's exact version number is exposed by the OpenAPI Spec CVE-2024-7554 Exposure of Sensitive Information to an Unauthorized Actor in GitLab CVE-2024-56443