CVE-2023-23610

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-23610

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23610.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-23610

Related

GHSA-6565-hm87-24hf
UBUNTU-CVE-2023-23610

Published

2023-01-26T21:18:14Z

Modified

2024-11-21T07:46:31Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access (including assets, tickets, users, ...). This issue is patched in 10.0.6.

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-6565-hm87-24hf

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

5078f4a5f74b06f044a0f9a48352053b3a60ca38

Fixed

4f7279aeec029817ebe9a209dfeec49d6c9ca11c