BeyondTrust - Secure Remote Access and Privileged Access Management

Advisory ID: BT24-02

Synopsis:

Privilege Management for Windows - GPO Policy Information Leak

Impacted Product:

Privilege Management for Windows

Summary:

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.

BeyondTrust would like to thank Mayer Bar of the Smartsoft PS Team for reporting this vulnerability to us through our secure channel. The CVE ID for this vulnerability is pending.

Affected Versions

Product                             Version
Privilege Management for Windows    Prior to 24.1

Fixed Versions

Product                             Version
Privilege Management for Windows    24.1