Glpi@0.83 Security Vulnerabilities and Issues — Glpi@0.83 CVE List

Lucene search

Glpi-projectGlpi0.83

2 matches found

CVE•added 2023/04/05 3:15 p.m.•53 views

CVE-2023-28632

GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user can...

8.1CVSS7.9AI score0.00209EPSS

CVE•added 2023/04/05 5:15 p.m.•52 views

CVE-2023-28634

GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Supe...

8.8CVSS8.7AI score0.00242EPSS