3 matches found
CVE-2023-41326
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with...
CVE-2023-41326 Account takeover via Kanban feature in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with...
PT-2023-6845 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to the insecure management of privileges in the Kanban feature of the GLPI system, which can be exploited by a remote attacker to gain unauthorized access to any user's account...