PT-2024-7263 · 1C · Bitrix24

Oleg Labyntsev

Published 2024-04-23 · Updated 2024-11-06

CVE-2024-34882

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

1C-Bitrix Bitrix24 version 23.300.100

Description

The SMTP server settings do not adequately protect the stored credentials. A remote, authenticated administrator (PR:H in the vector above) can submit an HTTP POST request to the settings endpoint that causes the saved SMTP account password to be sent to an arbitrary server of their choosing. An attacker with administrator access could thereby obtain the SMTP account credentials.

Recommendations

Update affected installations (version 23.300.100) to the latest patched version as soon as possible, and rotate the SMTP account credentials if exposure is suspected. Until the update is applied, restrict access to the SMTP server settings to the smallest possible set of administrators to reduce the window for exploitation.
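The weak pattern the description points at, beside one way to close it, as an added illustration: this is not Bitrix code and does not reproduce the vendor's patch. The first handler keeps the saved SMTP password when an administrator re-points the host with the password field left blank, so the next mail send authenticates the old secret against whatever host was posted; the second binds the secret to the (host, port, login) tuple and drops it when the destination changes without a fresh password. The field names, the dictionary-shaped POST body and the simulated send path are assumptions made for the example.

```python
"""Model of the weak pattern behind CVE-2024-34882 and a hardened variant.

Added illustration, not Bitrix code. Field names (host, port, login,
password), the POST-handling flow and the send-path simulation are
assumptions; the point is that a stored SMTP password must not silently
follow a change of destination host.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SmtpSettings:
    host: str
    port: int
    login: str
    password: Optional[str]  # None = no usable credential stored


def apply_update_weak(stored: SmtpSettings, form: dict) -> SmtpSettings:
    """Weak handler: an empty password field means 'keep the saved one',
    even when the destination host changes. The saved secret therefore
    travels to whatever host the POST body named."""
    new_password = form.get("password") or stored.password
    return SmtpSettings(
        host=form.get("host", stored.host),
        port=int(form.get("port", stored.port)),
        login=form.get("login", stored.login),
        password=new_password,
    )


def apply_update_hardened(stored: SmtpSettings, form: dict) -> SmtpSettings:
    """Hardened handler: the saved password is bound to (host, port, login).
    If any of those change and no new password is supplied, the stored
    secret is discarded instead of being re-used for the new destination."""
    host = form.get("host", stored.host)
    port = int(form.get("port", stored.port))
    login = form.get("login", stored.login)
    supplied = form.get("password") or None
    destination_changed = (host, port, login) != (stored.host, stored.port, stored.login)
    if destination_changed and supplied is None:
        # Never carry the old secret to a new destination; the admin must
        # re-enter it explicitly (and an audit log entry belongs here).
        return SmtpSettings(host, port, login, password=None)
    return SmtpSettings(host, port, login, password=supplied or stored.password)


def credential_sent_to(settings: SmtpSettings) -> Optional[tuple]:
    """Simulate the mail-sending path: which host would receive which
    login/password on the next SMTP AUTH. None means nothing is sent."""
    if settings.password is None:
        return None
    return (settings.host, settings.login, settings.password)


if __name__ == "__main__":
    stored = SmtpSettings("smtp.example.org", 587, "mailer", "s3cr3t")
    # Constructed POST body: the host is re-pointed, the password field is
    # left blank (the usual "leave empty to keep current password" UI).
    posted = {"host": "smtp.attacker.example", "port": "587",
              "login": "mailer", "password": ""}
    print("weak    :", credential_sent_to(apply_update_weak(stored, posted)))
    print("hardened:", credential_sent_to(apply_update_hardened(stored, posted)))
```

Running the script shows the weak handler handing `s3cr3t` to `smtp.attacker.example`, while the hardened one leaves no credential to send until the administrator types the password in again for the new host. The same rule applies to any "change host, keep password" form, not just SMTP.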

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

BDU:2024-08612
CVE-2024-34882

Affected Products

Bitrix24
Bitrix