CVE-2022-23779: Internal Hostname Disclosure Vulnerability

This document addresses an internal hostname disclosure vulnerability (CVE-2022-23779) that was recently fixed in Desktop Central.

What was the problem?

The web server is configured to redirect a few URLs when they are requested by a client. During such redirects, the hostname of the internal server could be exposed.

How do I fix it?

This has been fixed in Desktop Central build 10.1.2137.8 on 16.01.2022. To apply this fix, follow the steps below:

  1. Log in to your Desktop Central console and click your current build number in the top-right corner.
  2. You'll be able to find the latest build applicable to you. Download the PPM and update.

This vulnerability is not applicable to Desktop Central Cloud.
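
The following added example (not ManageEngine's code) checks captured redirect responses for the behaviour described under "What was the problem?": it reports any redirect whose target hostname differs from the hostname the client requested, which is useful for comparing responses before and after the update. It assumes the hostname appears in the Location header, which this advisory does not specify; the hostnames, port and path in the samples are constructed.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_head(raw):
    """Split the head of a raw HTTP response into (status code, headers)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def disclosed_host(requested_host, raw_response):
    """Return the redirect target's hostname if it differs from the hostname
    the client requested; return None when nothing is disclosed."""
    status, headers = parse_head(raw_response)
    if status not in REDIRECT_CODES:
        return None
    # Assumption: the hostname is exposed through the Location header.
    target = urlsplit(headers.get("location", "")).hostname
    if target is None:  # a relative redirect carries no hostname
        return None
    wanted = urlsplit("//" + requested_host).hostname  # drops any :port
    return None if target == wanted else target

# Constructed sample responses (hostnames, port and path are made up).
SAMPLES = {
    "absolute, other host":
        "HTTP/1.1 302 Found\r\nLocation: https://dc-app01.corp.example:8443/login\r\n\r\n",
    "absolute, same host":
        "HTTP/1.1 302 Found\r\nLocation: https://dc.example.com/login\r\n\r\n",
    "relative": "HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n",
    "not a redirect": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
}

def scan(requested_host, samples):
    """Map each sample name to the disclosed hostname (or None)."""
    return {name: disclosed_host(requested_host, raw)
            for name, raw in samples.items()}

if __name__ == "__main__":
    for name, host in scan("dc.example.com", SAMPLES).items():
        print(f"{name:22} -> {host or 'ok'}")
```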

Credits

Matthew Zellner via Desktop Central's Bug Bounty Program.

Help

For any further questions or concerns on this, please write to our support team at desktopcentral-support@manageengine.com