An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the "isLdap" JavaScript parameter in the HTML source code.
References
Link | Resource |
---|---|
https://gist.github.com/andrey-lomtev/c970fb7dd022d04f5b57ad37fbedd064 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-12-10T16:37:29
Updated: 2021-12-10T16:37:29
Reserved: 2021-08-03T00:00:00
Link: CVE-2021-37935
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-10T17:15:07.637
Modified: 2021-12-14T17:27:07.683
Link: CVE-2021-37935
JSON object: View
Redhat Information
No data.
CWE