High severity7.5NVD Advisory· Published May 19, 2024· Updated Apr 15, 2026

CVE-2024-36070

Description

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.)

Patches

9fccbb04d40b

https://github.com/tine-groupware/tinevia osv

5d556a1225aa

https://github.com/tine-groupware/tinevia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/tine-groupware/tine/commit/5d556a1225aa358cbf7cfbeae518c9386b46f516nvd
github.com/tine-groupware/tine/releases/tag/2023.11.8nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000