Glpi Security Vulnerabilities and Issues — Glpi CVE List

Lucene search

Glpi-projectGlpi

5 matches found

CVE•added 2024/12/12 2:6 a.m.•883 views

CVE-2024-50339

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue.

9.3CVSS6.6AI score0.00155EPSS

CVE•added 2024/12/11 4:15 p.m.•81 views

CVE-2024-47758

GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.

8.8CVSS6.6AI score0.00151EPSS

CVE•added 2024/12/11 5:15 p.m.•78 views

CVE-2024-47760

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

8.8CVSS6.8AI score0.00112EPSS

CVE•added 2024/12/11 5:15 p.m.•53 views

CVE-2024-47761

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

7.5CVSS6.7AI score0.00129EPSS

CVE•added 2024/12/11 5:15 p.m.•52 views

CVE-2024-48912

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.

8.1CVSS6.4AI score0.00125EPSS