CVE-2024-12196 - AskarLabs CVE Database

CVE-2024-12196

Vendor Devolutions

Product Server

Weakness CWE-863 · Incorrect authorization

Published December 4, 2024

Last update December 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.

Key dates

02Disclosure timeline

December 4, 2024 CVE published

December 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-12196

Related vulnerabilities

04Related CVE

CVE-2024-31409 CyberPower PowerPanel business Incorrect Authorization CVE-2026-1768 CVE-2026-33884 Statamic's live preview token bypasses content protection for unrelated entries CVE-2023-47827 WordPress Events Addon for Elementor Plugin <= 2.1.3 is vulnerable to Broken Access Control CVE-2026-29773 kubewarden-controller cross-namespace data exfiltration via deprecated host callback binding