CVE-2023-41324

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-41324

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41324.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-41324

Aliases

GHSA-58wj-8jhx-jpm3

Downstream

UBUNTU-CVE-2023-41324

Published

2023-09-26T22:37:35.982Z

Modified

2026-03-14T12:14:47.695873Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

Account takeover through API in GLPI

Details

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal accounts of other users. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-269"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/41xxx/CVE-2023-41324.json"
}

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

d5017d7de5636bfe5a2f13e64c685423723f7f33

Fixed

0c860f018f5bd0f08b87d217a376304e62a5ba58

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41324.json"