PT-2024-26880 · Tine · Tine

Christian Pöschl · Published 2024-05-19 · Updated 2024-07-10 · CVE-2024-36070

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

tine versions prior to 2023.11.8

Description

The issue allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php, when an LDAP backend is used.

Recommendations

For versions prior to 2023.11.8, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the setup.php endpoint until a patch is available. Additionally, ensure that the getRegistryData function in Setup/Frontend/Json.php is properly secured to prevent information disclosure.

Related Identifiers

CVE-2024-36070

Affected Products

Tine