CVE-2023-41324

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-41324

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41324.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-41324

Related

GHSA-58wj-8jhx-jpm3
UBUNTU-CVE-2023-41324

Published

2023-09-27T15:19:29Z

Modified

2024-11-21T08:21:04Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal accounts of other users. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-58wj-8jhx-jpm3

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

d5017d7de5636bfe5a2f13e64c685423723f7f33

Fixed

0c860f018f5bd0f08b87d217a376304e62a5ba58