CVE-2023-53943

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-53943

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53943.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-53943

Downstream

UBUNTU-CVE-2023-53943

Published

2025-12-18T20:15:52.940Z

Modified

2026-03-14T12:23:21.325063Z

Severity

6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type

GIT

Repo

https://github.com/glpi-project/glpi

Events

Introduced

Last affected

e9b16bc8e9b61ebb2d35b96b9c71cd25c5af9e48

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.5.7"
        }
    ]
}

Affected versions

0.*

0.90

0.90-RC1

0.90-RC2

0.90-beta1

0.90-beta2

0.90.1

9.*

9.1

9.1-RC1

9.1-RC2

9.3-beta

9.4.0

9.4.0-beta

9.4.0-rc1

9.4.0-rc2

9.4.1

9.4.1.1

9.4.2

9.4.3

9.4.4

9.4.5

9.4.6

9.5.0

9.5.0-rc1

9.5.0-rc2

9.5.1

9.5.2

9.5.3

9.5.4

9.5.5

9.5.6

9.5.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53943.json"