Lucene search
K

4 matches found

Cvelist
Cvelist
added 2022/04/21 4:50 p.m.17 views

CVE-2022-24867 LDAP password exposure in glpi

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldappass is not filtered and when you look at the source code of the...

7.5CVSS7.9AI score0.01257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/04/21 4:50 p.m.6 views

CVE-2022-24867 LDAP password exposure in glpi

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldappass is not filtered and when you look at the source code of the...

7.5CVSS7.7AI score0.01257EPSS
Exploits0References2
CVE
CVE
added 2022/04/21 4:50 p.m.109 views

CVE-2022-24867

GLPI (Asset & IT Management Software) has a CVE-2022-24867 issue where, when passing config to the JavaScript, the ldap_pass variable is not filtered and the root DN password is exposed in the rendered page source. This is a data exposure flaw in the authentication/config handling path. The advis...

7.8CVSS7.6AI score0.01257EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/04/21 4:50 p.m.22 views

CVE-2022-24867 LDAP password exposure in glpi

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldappass is not filtered and when you look at the source code of the...

7.5CVSS7.6AI score0.01257EPSS
Exploits0References4
Rows per page
Query Builder