6 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-11035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD...
Mageia: Security Advisory (MGASA-2020-0220)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : glpi -- weak csrf tokens (b64edef7-3b10-11eb-af2a-080027dbe4b7)
MITRE Corporation reports : In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6. C Tenable Network Security, Inc. The...
Fedora: Security Advisory for glpi (FEDORA-2020-ee30e1109f)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for glpi (FEDORA-2020-885e2343ed)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-11035
In GLPI, CVE-2020-11035 affects versions after 0.83.3 and before 9.4.6, where CSRF tokens are generated using an insecure algorithm (rand, uniqid, MD5). The issue is addressed in version 9.4.6. This vulnerability arises from the token generation mechanism, not from network access details in the p...