← voltar
CVE-2024-47760

GLPI vulnerable to account takeover via API

CVSS 7.5 HIGHEPSS 0.5%CWE-284
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
glpi-project · glpi

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/glpi-project/glpi/releases/tag/10.0.17https://github.com/glpi-project/glpi/security/advisories/GHSA-r3mx-fr5f-gwgp