CVE-2024-36070

High

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via…

mitre·CWE-497·Published 2024-05-19

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

256 chars

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.)

NVDen

256 chars

NVDes

289 chars

tine anterior a 2023.11.8, cuando se utiliza un backend LDAP, permite a atacantes remotos anónimos obtener información de autenticación confidencial a través de setup.php debido a getRegistryData en Setup/Frontend/Json.php. (También hay una actualización disponible para la serie 2022.11).

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N