Lucene search

Ubuntu.comUB:CVE-2023-23610

HistoryJan 26, 2023 - 12:00 a.m.

CVE-2023-23610

2023-01-2600:00:00

ubuntu.com

glpi

asset management

it management

vulnerable

improper privilege management

patched

cve-2023-23610

unix

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

27.8%

JSON

GLPI is a Free Asset and IT Management Software package. Versions prior to
9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user
having access to the standard interface can export data of almost any GLPI
item type, even those on which user is not allowed to access (including
assets, tickets, users, …). This issue is patched in 10.0.6.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchglpi< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	glpi	< any	UNKNOWN

References

github.com/glpi-project/glpi/security/advisories/GHSA-6565-hm87-24hf

launchpad.net/bugs/cve/CVE-2023-23610

nvd.nist.gov/vuln/detail/CVE-2023-23610

security-tracker.debian.org/tracker/CVE-2023-23610

www.cve.org/CVERecord?id=CVE-2023-23610

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

27.8%

JSON

Related for UB:CVE-2023-23610