Lucene search

GoogleOSV:CVE-2022-39373

HistoryNov 03, 2022 - 4:15 p.m.

CVE-2022-39373

2022-11-0316:15:10

Google

osv.dev

glpi

it management

malicious code

patched update

software

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

22.7%

JSON

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to version 10.0.4.

References

github.com/glpi-project/glpi/security/advisories/GHSA-cw37-q82c-w546

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

22.7%

JSON

Related for OSV:CVE-2022-39373