CVE-2024-27937

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-27937

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27937.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-27937

Aliases

GHSA-98qw-hpg3-2hpj

Downstream

UBUNTU-CVE-2024-27937

Published

2024-03-18T15:17:18.178Z

Modified

2025-11-20T12:26:12.477228Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

glpi Users emails enumeration

Details

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.

Database specific

{
    "cwe_ids": [
        "CWE-285"
    ]
}

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

815997021a5df4feb7077a12f6f52769e9bd3459

Fixed

ba1f4be9d43f7ec193ef3401f11cc79efc24ca56

Affected versions

10.*

10.0.0

10.0.1

10.0.10

10.0.11

10.0.12

10.0.2

10.0.3

10.0.4

10.0.5

10.0.6

10.0.7

10.0.8

10.0.9