CVE-2024-34891 Information

Description

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.

Reference

http://bitrix24.com https://github.com/DrieVlad/BitrixVulns