CVE-2022-31068

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31068

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31068.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31068

Aliases

GHSA-g4hm-6vfr-q3wg

Downstream

UBUNTU-CVE-2022-31068

Published

2022-06-28T17:50:11Z

Modified

2025-11-04T20:02:02.040228Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Sensitive Data Exposure on Refused Inventory Files in GLPI

Details

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade.

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ]
}

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

815997021a5df4feb7077a12f6f52769e9bd3459

Fixed

10873706f388795a1d0d72a028eb4ceba36f7169

Affected versions

10.*

10.0.0

10.0.1