CVE-2023-22500

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-22500

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22500.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-22500

Related

GHSA-3ghv-p34r-5ghx
UBUNTU-CVE-2023-22500

Published

2023-01-26T21:18:12Z

Modified

2025-01-14T11:33:06.215763Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allow unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessbile by unauthenticated users. This issue is patched in version 10.0.6. As a workaround, disable native inventory and delete inventory files from server (default location is files/_inventory).

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-3ghv-p34r-5ghx

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

815997021a5df4feb7077a12f6f52769e9bd3459

Fixed

e2d0f893191952f35c6b1a6013418308e3e1dbc2

Affected versions

10.*

10.0.0

10.0.1

10.0.2

10.0.3

10.0.4

10.0.5