This document addresses an internal hostname disclosure vulnerability (CVE-2022-23779) that was recently fixed in Desktop Central.
The web server is configured to redirect few URLs when requested by client. During such redirects, the hostname of the internal server could be exposed.
This has been fixed in Desktop Central build 10.1.2137.8 on 16.01.2022. To apply this fix, follow the steps below:
This vulnerability is not applicable to Desktop Central Cloud.
Matthew Zellner via Desktop Central's Bug Bounty Program.
For any further questions or concerns on this, please write to our support team at desktopcentral-support@manageengine.com