CVE-2023-23610

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-23610
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23610.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-23610
Aliases
  • GHSA-6565-hm87-24hf
Downstream
Published
2023-01-25T05:46:35.549Z
Modified
2025-12-04T23:39:20.066940Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
glpi vulnerable to Unauthorized access to data export
Details

GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access (including assets, tickets, users, ...). This issue is patched in 10.0.6.

Database specific 
{
    "cwe_ids": [
        "CWE-269"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/23xxx/CVE-2023-23610.json"
}
References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type
GIT
Repo
https://github.com/glpi-project/glpi
Events
Introduced
5078f4a5f74b06f044a0f9a48352053b3a60ca38
Fixed
4f7279aeec029817ebe9a209dfeec49d6c9ca11c
Database specific 
{
    "versions": [
        {
            "introduced": "0.65"
        },
        {
            "fixed": "9.5.12"
        }
    ]
}
Type
GIT
Repo
https://github.com/glpi-project/glpi
Events
Introduced
815997021a5df4feb7077a12f6f52769e9bd3459
Fixed
e2d0f893191952f35c6b1a6013418308e3e1dbc2
Database specific 
{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.0.6"
        }
    ]
}

Affected versions

10.*

10.0.0
10.0.1
10.0.2
10.0.3
10.0.4
10.0.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23610.json"