CVE-2022-23779: Internal Hostname Disclosure Vulnerability

This document addresses an internal hostname disclosure vulnerability (CVE-2022-23779) that was recently fixed in Endpoint Central.

What was the problem?

The web server is configured to redirect a few URLs when a client requests them. During such redirects, the hostname of the internal server could be exposed.
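A check for this class of disclosure, as an added example that is not part of the advisory or ManageEngine's code: it inspects a redirect response and reports any host in it that differs from the host the client requested. It assumes the hostname surfaces in the Location header, which the advisory does not state; the host names and responses are constructed.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_head(raw: bytes):
    """Parse the status code and headers of a raw HTTP/1.x response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def leaked_host(requested_host: str, raw: bytes):
    """Return the host a redirect exposes if it differs from the one the
    client asked for; None for non-redirects, relative or same-host targets."""
    status, headers = parse_head(raw)
    if status not in REDIRECT_CODES:
        return None
    # Assumption: the disclosure appears in the Location header.
    target = urlsplit(headers.get("location", "")).hostname
    wanted = urlsplit("//" + requested_host).hostname  # drops any :port
    if target is None or target == wanted:
        return None
    return target

# Constructed sample responses (not captured from a real server).
PUBLIC_HOST = "uems.example.com"
LEAKY = (b"HTTP/1.1 302 Found\r\n"
         b"Location: https://ec-srv01.corp.internal/client/\r\n"
         b"Content-Length: 0\r\n\r\n")
RELATIVE = b"HTTP/1.1 302 Found\r\nLocation: /client/\r\nContent-Length: 0\r\n\r\n"
SAME_HOST = (b"HTTP/1.1 301 Moved Permanently\r\n"
             b"Location: https://UEMS.example.com:8443/client/\r\n\r\n")

if __name__ == "__main__":
    for label, raw in [("leaky", LEAKY), ("relative", RELATIVE), ("same host", SAME_HOST)]:
        print(f"{label:10} -> {leaked_host(PUBLIC_HOST, raw)}")
```

Run against redirect responses recorded from your own server before and after the update, a non-None result marks a redirect that still names a host other than the one requested.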

How do I fix it?

This has been fixed in Endpoint Central build 10.1.2137.8 on 16.01.2022. To apply this fix, follow the steps below:

  1. Log in to your Endpoint Central console and click your current build number in the top right corner.
  2. You'll be able to find the latest build applicable to you. Download the PPM and update.

This vulnerability is not applicable to Endpoint Central Cloud.

Credits

Matthew Zellner via Endpoint Central's Bug Bounty Program.

Help

For any further questions or concerns on this, please write to our support team at endpointcentral-support@manageengine.com