CVE-2024-1591

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.
Configurations

Configuration 1 (hide)

cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*

History

07 Feb 2025, 15:07

Type Values Removed Values Added
First Time Beyondtrust
Beyondtrust privilege Management For Windows
References () https://www.beyondtrust.com/trust-center/security-advisories/bt24-02 - () https://www.beyondtrust.com/trust-center/security-advisories/bt24-02 - Vendor Advisory
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*

21 Nov 2024, 08:50

Type Values Removed Values Added
References () https://www.beyondtrust.com/trust-center/security-advisories/bt24-02 - () https://www.beyondtrust.com/trust-center/security-advisories/bt24-02 -
Summary
  • (es) Antes de la versión 24.1, un atacante autenticado local puede ver Sysvol cuando Privilege Management para Windows está configurado para usar una política de GPO. Esto les permite ver la política y potencialmente encontrar problemas de configuración.

16 Feb 2024, 19:26

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-16 19:15

Updated : 2025-02-07 15:07


NVD link : CVE-2024-1591

Mitre link : CVE-2024-1591

CVE.ORG link : CVE-2024-1591


JSON object : View

Products Affected

beyondtrust

  • privilege_management_for_windows
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo