3 matches found
Security fix for the ALT Linux 9 package glpi version 9.5.10-alt1
Nov. 4, 2022 Pavel Zilke 9.5.10-alt1 - New version 9.5.10 - This release fixes several security issues that has been recently discovered. Update is recommended! - Security fixes: + CVE-2022-39276 : Blind SSRF in RSS feeds and planning + CVE-2022-39372 : Stored XSS in user information +...
CVE-2022-39276 Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote...
CVE-2022-39276
GLPI (Gestionnaire Libre de Parc Informatique) contains a SSRF-type issue in the planning features (RSS feeds or external calendar). If a remote script returns a redirect, the target URL isn’t checked against the administrator’s allow-list, enabling potential redirection-based access. This CVE (C...