Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-11033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying...

7.2CVSS7AI score0.01038EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2020-0220)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.6AI score0.07608EPSS
Exploits1References8
OpenVAS
OpenVAS
added 2020/05/15 12:0 a.m.24 views

Fedora: Security Advisory for glpi (FEDORA-2020-ee30e1109f)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS6.4AI score0.07608EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/05/15 12:0 a.m.22 views

Fedora: Security Advisory for glpi (FEDORA-2020-885e2343ed)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS6.4AI score0.07608EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2020/05/05 10:15 p.m.29 views

CVE-2020-11033

In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All apitokens which can be used to do privileges escalations or read/update/delete data normally non...

7.2CVSS7AI score0.01038EPSS
Exploits0References2
OSV
OSV
added 2020/05/05 10:15 p.m.2 views

UBUNTU-CVE-2020-11033

In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All apitokens which can be used to do privileges escalations or read/update/delete data normally non...

7.2CVSS5.9AI score0.01038EPSS
Exploits0References3
CVE
CVE
added 2020/05/05 9:15 p.m.113 views

CVE-2020-11033

CVE-2020-11033 affects GLPI 9.1 up to before 9.4.6. An API user with READ on the User itemtype could query apirest.php/User and obtain the full user list, including all api_tokens (privilege escalation) and personal_tokens (inter-user planning). Exploitation requires the API to be enabled and a t...

7.2CVSS6.5AI score0.01038EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/05/05 9:15 p.m.23 views

CVE-2020-11033 Able to read any token through API user endpoint in GLPI

In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All apitokens which can be used to do privileges escalations or read/update/delete data normally non...

6.6CVSS7.8AI score0.01038EPSS
Exploits0References3
Rows per page
Query Builder