Advisory ID: BT24-02

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied

Synopsis:

Privilege Management for Windows - GPO Policy Information Leak

Impacted Product:

Privilege Management for Windows

Summary:

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.

BeyondTrust would like to thank Mayer Bar of the Smartsoft PS Team for reporting this vulnerability to us through our secure channel. The CVE ID for this vulnerability is pending.

Affected Versions

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
Product Version
Privilege Management for Windows Prior to 24.1

Fixed Versions

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
Product Version
Privilege Management for Windows 24.1

References

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
  1. https://www.cve.org/CVERecord?id=CVE-2024-1591
Prefers reduced motion setting detected. Animations will now be reduced as a result.