9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.963 High
EPSS
Percentile
99.3%
9.5.9-alt1 built Sept. 23, 2022 Pavel Zilke in task #307140
Sept. 14, 2022 Pavel Zilke
- New version 9.5.9
- This release fixes several critical security issues that has been recently discovered. Update is strongly recommended!
- Security fixes:
+ CVE-2022-35945 : XSS through registration API
+ CVE-2022-31143 : Leak of sensitive information through login page error
+ CVE-2022-35914 : [critical] Command injection using a third-party library script
+ CVE-2022-35946 : SQL injection through plugin controller
+ CVE-2022-35947 : [critical] Authentication via SQL injection
+ CVE-2022-36112 : Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ALT Linux | 9 | src | glpi-9.5.12-alt1.src.rpm | < 9.5.9-alt1 | glpi-9.5.12-alt1.src.rpm |
ALT Linux | 9 | noarch | glpi-9.5.12-alt1.noarch.rpm | < 9.5.9-alt1 | glpi-9.5.12-alt1.noarch.rpm |
ALT Linux | 9 | noarch | glpi-apache2-9.5.12-alt1.noarch.rpm | < 9.5.9-alt1 | glpi-apache2-9.5.12-alt1.noarch.rpm |
ALT Linux | 9 | noarch | glpi-php7-9.5.12-alt1.noarch.rpm | < 9.5.9-alt1 | glpi-php7-9.5.12-alt1.noarch.rpm |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.963 High
EPSS
Percentile
99.3%