Glpi@* Security Vulnerabilities and Issues — Glpi@* CVE List

Lucene search

Glpi-projectGlpi*

4 matches found

CVE•added 2019/09/25 8:15 p.m.•57 views

CVE-2019-14666

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any user....

8.8CVSS8.7AI score0.02999EPSS

CVE•added 2019/07/04 3:15 p.m.•44 views

CVE-2019-13239

inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.

6.1CVSS5.8AI score0.00336EPSS

CVE•added 2019/03/27 5:29 p.m.•39 views

CVE-2019-10233

Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.

8.1CVSS8AI score0.00433EPSS

CVE•added 2019/07/10 2:15 p.m.•39 views

CVE-2019-13240

An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.

5.9CVSS5.6AI score0.00544EPSS