
2697 matches found

CVE
added 2024/12/11 3:50 p.m. · 93 views

CVE-2024-47758

CVE-2024-47758 affects GLPI: authenticated users can use the API to take control of another user with equal or lower privileges in versions 9.3.0 up to, but not including, 10.0.17. A patch is available in 10.0.17. Connected documents corroborate GLPI context and indicate multiple vendor advisories f...

CVSS 8.8 · AI score 6.6 · EPSS 0.00434
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/12/11 3:50 p.m. · 21 views

CVE-2024-47758 GLPI vulnerable to account takeover without privilege escalation through the API

GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue...

CVSS 7.6 · AI score 6.6 · EPSS 0.00434
Exploits 0 · References 2

OSV
added 2024/12/11 3:50 p.m. · 16 views

CVE-2024-47758 GLPI vulnerable to account takeover without privilege escalation through the API

GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue...

CVSS 7.6 · AI score 4.6 · EPSS 0.00434
Exploits 0 · References 4

CNNVD
added 2024/12/11 12:00 a.m. · 2 views

GLPI access control error vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 8.8 · AI score 4.6 · EPSS 0.00434
Exploits 0 · References 1

CNNVD
added 2024/12/11 12:00 a.m. · 3 views

GLPI access control error vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 8.8 · AI score 4.6 · EPSS 0.00457
Exploits 0 · References 2

CNNVD
added 2024/12/11 12:00 a.m. · 7 views

GLPI authorization issue vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 7.5 · AI score 4.7 · EPSS 0.00498
Exploits 0 · References 2

NVD
added 2024/11/18 5:15 p.m. · 19 views

CVE-2024-43416

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue...

CVSS 7.5 · EPSS 0.01246
Exploits 1 · References 2

OSV
added 2024/11/18 5:15 p.m. · 3 views

UBUNTU-CVE-2024-43416

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue...

CVSS 7.5 · AI score 5.8 · EPSS 0.01246
Exploits 1 · References 4

Vulnrichment
added 2024/11/18 4:27 p.m. · 19 views

CVE-2024-43416 GLPI vulnerable to enumeration of users' email addresses by unauthenticated user

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue...

CVSS 7.5 · AI score 7.2 · EPSS 0.01246
Exploits 1 · References 2

Cvelist
added 2024/11/18 4:27 p.m. · 29 views

CVE-2024-43416 GLPI vulnerable to enumeration of users' email addresses by unauthenticated user

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue...

CVSS 7.5 · EPSS 0.01246
Exploits 1 · References 2

CVE
added 2024/11/18 4:27 p.m. · 72 views

CVE-2024-43416

GLPI

CVSS 7.5 · AI score 7.6 · EPSS 0.01246
Exploits 1 · References 2 · Affected Software 1

OSV
added 2024/11/18 4:27 p.m. · 14 views

CVE-2024-43416 GLPI vulnerable to enumeration of users' email addresses by unauthenticated user

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue...

CVSS 7.5 · AI score 4.7 · EPSS 0.01246
Exploits 1 · References 4

Positive Technologies
added 2024/11/18 12:00 a.m. · 3 views

PT-2024-30574 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.16

Description: The issue allows an unauthenticated user to use an application endpoint to check if an email address corresponds to a valid GLPI user.

Recommendations: For versions 0.80 through 10.0.16, update ...

CVSS 9.8 · AI score 5.5 · EPSS 0.86182
Exploits 9 · References 76

BDU FSTEC
added 2024/11/18 12:00 a.m. · 4 views

A vulnerability in the GLPI request, incident, and asset inventory management system, related to improper access control, allows an intruder to gain unauthorized access to the account.

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment is related to improper access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the account through the API...

CVSS 10 · AI score 5.4 · EPSS 0.00434
Exploits 0 · References 6 · Affected Software 2

NVD
added 2024/11/15 10:15 p.m. · 34 views

CVE-2024-38370

GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16...

CVSS 7.5 · EPSS 0.00351
Exploits 0 · References 1

NVD
added 2024/11/15 9:15 p.m. · 31 views

CVE-2024-45611

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another user account and use a malicious payload t...

CVSS 5.7 · EPSS 0.00305
Exploits 0 · References 1

NVD
added 2024/11/15 9:15 p.m. · 24 views

CVE-2024-45610

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Cable form...

CVSS 6.5 · EPSS 0.00333
Exploits 0 · References 1

OSV
added 2024/11/15 9:15 p.m. · 1 views

UBUNTU-CVE-2024-45611

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another user account and use a malicious payload t...

CVSS 5.7 · AI score 5.8 · EPSS 0.00305
Exploits 0 · References 3

Cvelist
added 2024/11/15 9:12 p.m. · 37 views

CVE-2024-38370 GLPI allows API document download without rights

GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16...

CVSS 5.3 · EPSS 0.00351
Exploits 0 · References 1

Vulnrichment
added 2024/11/15 9:12 p.m. · 10 views

CVE-2024-38370 GLPI allows API document download without rights

GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16...

CVSS 5.3 · AI score 7.1 · EPSS 0.00351
Exploits 0 · References 1