ROS-20250402-04

Vulnerability of the GLPI system of requests, incidents and inventory of computer equipment is related to improperly restricting access to the "install/update.php" file. Exploitation of the vulnerability could allow An attacker acting remotely could gain access to confidential information A...

CVE-2025-23046

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

CVE-2025-23046

GLPI CVE-2025-23046 affects versions 9.5.0 through 10.0.18 where a Mail servers authentication provider using an OAuth (OauthIMAP) connection allows a login using a username with an existing OAuth authorization. The root cause is an access control/authentication issue in the OAuth integration wit...

CVE-2025-23046 GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

PT-2025-6973 · Unknown +2 · Oauthimap Plugin +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 10.0.17 Description: The issue allows unauthorized access to GLPI when a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, leveraging existing Oauth...