CVE-2024-34883

CVSS v3.1

6.8

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: 1C-Bitrix Bitrix24 version 23.300.100

Description: The issue is related to insufficiently protected credentials in the DAV server settings, allowing remote administrators to read proxy-server accounts passwords via an HTTP GET request. This exposes the credentials, potentially leading to unauthorized access.

Recommendations: For version 23.300.100, consider restricting access to the DAV server settings to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the proxy-server accounts passwords in the affected DAV server settings.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

BDU:2024-08613

CVE-2024-34883

Affected Products

Bitrix24

Bitrix

CVE-2024-34883

Weakness Enumeration

Related Identifiers

Affected Products

References · 8