4 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-21255
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI versi...
Security fix for the ALT Linux 10 package glpi version 9.5.4-alt1
March 31, 2021 Pavel Zilke 9.5.4-alt1 - New version 9.5.4 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-21326 : Horizontal Privilege Escalation + CVE-2021-21255 : entities switch IDOR + CVE-2021-21258 : XSS injection in ajax/kanban + CVE-2021-21314 : XSS...
CVE-2021-21255
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4...
CVE-2021-21255
CVE-2021-21255 relates to GLPI 9.5.3 where an authenticated user could perform an Insecure Direct Object Reference (IDOR) to switch entities. The issue is resolved in GLPI 9.5.4. The vulnerability affects the web application’s entity switching logic; no exploitation details are provided beyond th...