CVE-2024-11955

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-11955
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-11955.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-11955
Aliases
  • GHSA-g5fm-jq4j-c2c7
Downstream
Published
2025-02-25T16:15:37.303Z
Modified
2026-03-14T01:48:32.554559Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type
GIT
Repo
https://github.com/glpi-project/glpi
Events
Introduced
b094bc0c617761d6e7eee900950f24cea658d560
Fixed
9389461d8a207bdcdf4f50f9db9fc8acdf6c7bbf
Database specific 
{
    "versions": [
        {
            "introduced": "0.85"
        },
        {
            "fixed": "10.0.18"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-11955.json"