CVE-2024-34885

Name of the Vulnerable Software and Affected Versions 1C-Bitrix Bitrix24 version 23.300.100

Description The issue is related to insufficiently protected credentials in SMTP server settings, allowing remote administrators to read SMTP accounts passwords via an HTTP GET request. This can be exploited by a remote attacker to misuse SMTP settings and gain access to authentication data from the SMTP server.

Recommendations For version 23.300.100, consider restricting access to the SMTP server settings to minimize the risk of exploitation. As a temporary workaround, avoid using the HTTP GET request to access SMTP account passwords until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.