This document addresses an internal hostname disclosure vulnerability (CVE-2022-23779) that was recently fixed in Endpoint Central.
The web server is configured to redirect few URLs when requested by client. During such redirects, the hostname of the internal server could be exposed.
This has been fixed in Endpoint Central build 10.1.2137.8 on 16.01.2022. To apply this fix, follow the steps below:
This vulnerability is not applicable to Endpoint Central Cloud.
Matthew Zellner via Endpoint Central's Bug Bounty Program.
For any further questions or concerns on this, please write to our support team at email@example.com