5 matches found
Security fix for the ALT Linux 9 package glpi version 9.5.6-alt1
9.5.6-alt1 built Oct. 18, 2021 Pavel Zilke in task 287044 Oct. 12, 2021 Pavel Zilke - New version 9.5.6 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-39211 : Disclosure of GLPI and server informations in telemetry endpoint + CVE-2021-39210 : Autologin cookie...
Security fix for the ALT Linux 10 package glpi version 9.5.6-alt1
9.5.6-alt1 built Oct. 14, 2021 Pavel Zilke in task 287043 Oct. 12, 2021 Pavel Zilke - New version 9.5.6 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-39211 : Disclosure of GLPI and server informations in telemetry endpoint + CVE-2021-39210 : Autologin cookie...
CVE-2021-39210
creationtimestamp| type| source ---|---|--- 2021-09-15 20:22:15+00:00| seen| https://t.me/cibsecurity/28927...
CVE-2021-39210
What is affected: GLPI
CVE-2021-39210 Autologin cookie accessible by scripts
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie when a user uses the "remember me" feature is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue ...