VYPR
High severity7.5OSV Advisory· Published May 19, 2024· Updated Apr 15, 2026

CVE-2024-36070

CVE-2024-36070

Description

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Tine Groupware/TineOSV2 versions
    2023.11.1, 2023.11.1-beta4, 2023.11.1-beta5, …+ 1 more
    • (no CPE)range: 2023.11.1, 2023.11.1-beta4, 2023.11.1-beta5, …
    • (no CPE)range: <2023.11.8

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.