CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request.
References
Link Resource
http://bitrix24.com Product
https://github.com/DrieVlad/BitrixVulns Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:bitrix24:bitrix24:23.300.100:*:*:*:*:*:*:*

History

06 Nov 2024, 19:28

Type Values Removed Values Added
CPE cpe:2.3:a:bitrix24:bitrix24:23.300.100:*:*:*:*:*:*:*
References () http://bitrix24.com - () http://bitrix24.com - Product
References () https://github.com/DrieVlad/BitrixVulns - () https://github.com/DrieVlad/BitrixVulns - Third Party Advisory
First Time Bitrix24
Bitrix24 bitrix24
CVSS v2 : unknown
v3 : 6.8
v2 : unknown
v3 : 4.9

05 Nov 2024, 17:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.8
CWE CWE-522
Summary
  • (es) Las credenciales insuficientemente protegidas en la configuración del servidor DAV en 1C-Bitrix Bitrix24 23.300.100 permiten a los administradores remotos leer las contraseñas de las cuentas del servidor proxy a través de una solicitud HTTP GET.

04 Nov 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-04 18:15

Updated : 2024-11-06 19:28


NVD link : CVE-2024-34883

Mitre link : CVE-2024-34883

CVE.ORG link : CVE-2024-34883


JSON object : View

Products Affected

bitrix24

  • bitrix24
CWE
CWE-522

Insufficiently Protected Credentials