Описание
tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.)
Ссылки
EPSS
Процентиль: 43%
0.0021
Низкий
7.5 High
CVSS3
Дефекты
CWE-497
Связанные уязвимости
CVSS3: 7.5
github
больше 1 года назад
tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.)
EPSS
Процентиль: 43%
0.0021
Низкий
7.5 High
CVSS3
Дефекты
CWE-497