2 matches found
CVE-2025-22956
OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One example of this is a domain join account passwor...
CVE-2025-22956
OPSI prior to version 4.3 is vulnerable: any client can retrieve any ProductPropertyState, including other clients’ data. This exposure could enable privilege escalation if a secret such as a domain-join password in windomain is stored in ProductPropertyState. Root cause is improper access contro...