UBUNTU-CVE-2024-47761

Source
https://ubuntu.com/security/CVE-2024-47761
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-47761.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-47761
Related
Published
2024-12-11T17:15:00Z
Modified
2025-01-27T16:42:13Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

References

Affected packages

Ubuntu:Pro:16.04:LTS / glpi

Package

Name
glpi
Purl
pkg:deb/ubuntu/glpi@0.84.8+dfsg.1-1ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.84.8+dfsg.1-1
0.84.8+dfsg.1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}