Lucene search

[email protected]CVE-2022-31068

HistoryJun 28, 2022 - 6:15 p.m.

CVE-2022-31068

2022-06-2818:15:08

CWE-200

[email protected]

web.nvd.nist.gov

glpi

free asset management software

it management software

data center management

itil service desk

licenses tracking

software auditing

cve-2022-31068

nvd

vulnerability

sensitive information leakage

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.1%

JSON

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade.

Affected configurations

Vulners

NVD

Node

glpi-projectglpiRange10.0.0–10.0.2

VendorProductVersionCPE
glpi\-projectglpi*cpe:2.3:a:glpi\-project:glpi:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
glpi\-project	glpi	*	cpe:2.3:a:glpi\-project:glpi::::::::

CNA Affected

[
  {
    "product": "glpi",
    "vendor": "glpi-project",
    "versions": [
      {
        "status": "affected",
        "version": ">=10.0.0, < 10.0.2"
      }
    ]
  }
]