High severity7.5OSV Advisory· Published May 19, 2024· Updated Apr 15, 2026
CVE-2024-36070
CVE-2024-36070
Description
tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22023.11.1, 2023.11.1-beta4, 2023.11.1-beta5, …+ 1 more
- (no CPE)range: 2023.11.1, 2023.11.1-beta4, 2023.11.1-beta5, …
- (no CPE)range: <2023.11.8
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.