4 matches found
CVE-2022-24867 LDAP password exposure in glpi
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldappass is not filtered and when you look at the source code of the...
CVE-2022-24867 LDAP password exposure in glpi
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldappass is not filtered and when you look at the source code of the...
CVE-2022-24867 LDAP password exposure in glpi
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldappass is not filtered and when you look at the source code of the...
CVE-2022-24867
GLPI (Asset & IT Management Software) has a CVE-2022-24867 issue where, when passing config to the JavaScript, the ldap_pass variable is not filtered and the root DN password is exposed in the rendered page source. This is a data exposure flaw in the authentication/config handling path. The advis...