Lucene search
K

4 matches found

Circl
Circl
added 2023/04/05 6:40 p.m.7 views

CVE-2023-28632

creationtimestamp| type| source ---|---|--- 2023-04-05 18:40:08+00:00| seen| https://t.me/cibsecurity/61461...

8.1CVSS7.8AI score0.00677EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/04/05 3:15 p.m.14 views

CVE-2023-28632

GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user c...

8.1CVSS7.1AI score0.00677EPSS
Exploits0References1
CVE
CVE
added 2023/04/05 2:45 p.m.67 views

CVE-2023-28632

Summary (CVE-2023-28632 in GLPI): An authenticated user can modify any user’s email via the forgotten password flow, enabling possible account takeover and access to sensitive notifications. Affected versions are GLPI 0.83 up to 9.5.12/10.0.6 before patches were released; versions 9.5.13 and 10.0...

8.1CVSS7.9AI score0.00677EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/05 2:45 p.m.9 views

CVE-2023-28632 GLPI vulnerable to account takeover by authenticated user

GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user c...

8.1CVSS7.9AI score0.00677EPSS
Exploits0References3
Rows per page
Query Builder