Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-23610

GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access (including assets, tickets, users, ...). This issue is patched in 10.0.6.

Published

2023-01-26T21:18:14.223

Last Modified

2024-11-21T07:46:31.737

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-269
Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	glpi-project	glpi	< 9.5.12	Yes
Application	glpi-project	glpi	< 10.0.6	Yes

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-6565-hm87-24hf Third Party Advisory ([email protected])
https://github.com/glpi-project/glpi/security/advisories/GHSA-6565-hm87-24hf Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)