2 matches found
CVE-2023-28634 GLPI vulnerable to Privilege Escalation from Technician to Super-Admin
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the...
CVE-2023-28634
GLPI contains a privilege-escalation flaw where a Technician can see/generate a Personal token for a Super-Admin, enabling a hijack of a Super-Admin session. Affected: GLPI versions starting from about 0.83 up to but not including patches released in 9.5.13 and 10.0.7. Root cause: token-based acc...