CVE-2022-31143

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31143

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31143.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31143

Aliases

GHSA-6mmq-x3j2-677j

Downstream

UBUNTU-CVE-2022-31143

Published

2022-09-14T17:40:09Z

Modified

2025-11-04T20:02:29.968779Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Leak of sensitive information through login page error in GLPI

Details

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. It was found that in affected versions there is an exposure of private information defined in setup of GLPI (like smtp or cas hosts). Note that passwords are not exposed. Users are advised to upgrade to version 10.0.3. There are no known workarounds for this issue.

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ]
}

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

9fa6de558a9987561b80afd57a796a3fa19deee6

Fixed

5db9ca9f678989560bcc7b46d4a89c241f25af01

Affected versions

10.*

10.0.0

10.0.0-beta

10.0.0-rc1

10.0.0-rc2

10.0.0-rc3

10.0.1

10.0.2

9.*

9.5.0

9.5.1

9.5.2

9.5.3

9.5.4

9.5.5

9.5.6

9.5.7