CVE-2024-33865

HIGH

linqi < 1.4.0.1 - NTLM Hash Exposure via API Endpoints

Title source: llm

Description

An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints.

References (2)

Core 2

Core References

Broken Link

https://linqi.help/Updates/en#/SecurityUpdates

Product

https://www.linqi.de/de-DE/blog.html

Scores

CVSS v3 7.5

EPSS 0.0066

EPSS Percentile 46.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

linqi/linqi < 1.4.0.1

Published May 14, 2024

Tracked Since Feb 18, 2026