Lucene search

FreeBSDBB49F1FA-00DA-11EF-92B7-589CFC023192

HistoryMar 13, 2024 - 12:00 a.m.

GLPI -- multiple vulnerabilities

2024-03-1300:00:00

vuxml.freebsd.org

glpi

vulnerabilities

sql injection

ssrf

xss

cve-2024-27096

cve-2024-27098

cve-2024-27104

cve-2024-27914

cve-2024-27930

cve-2024-27937

security

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.6%

JSON

GLPI team reports:

GLPI 10.0.13 Changelog

[SECURITY - high] SQL Injection in through the search engine (CVE-2024-27096)
[SECURITY - moderate] Blind SSRF using Arbitrary Object Instantiation (CVE-2024-27098)
[SECURITY - moderate] Stored XSS in dashboards (CVE-2024-27104)
[SECURITY - moderate] Reflected XSS in debug mode (CVE-2024-27914)
[SECURITY - moderate] Sensitive fields access through dropdowns (CVE-2024-27930)
[SECURITY - moderate] Users emails enumeration (CVE-2024-27937)

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchglpi< 10.0.13,1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	glpi	< 10.0.13,1	UNKNOWN

References

github.com/glpi-project/glpi/releases/tag/10.0.13

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.6%

JSON

Related for BB49F1FA-00DA-11EF-92B7-589CFC023192