CVE-2023-41323

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-41323

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41323.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-41323

Aliases

GHSA-5cf4-6q6r-49x9

Downstream

UBUNTU-CVE-2023-41323

Published

2023-09-26T22:35:37Z

Modified

2025-10-21T19:32:38Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Users login enumeration by unauthenticated user in GLPI

Details

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ]
}

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-5cf4-6q6r-49x9

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

0a2c83a2e4f03bb3e814bdbeb9b29473565c519d

Fixed

0c860f018f5bd0f08b87d217a376304e62a5ba58