Lucene search
GitHub_MCVELIST:CVE-2020-15217HistoryOct 07, 2020 - 7:10 p.m.
CVE-2020-15217 User data exposure in GLPI
2020-10-0719:10:13
CWE-79
GitHub_M
www.cve.org
5
glpi
user data exposure
faq leakage
version 9.5.0
version 9.5.1
version 9.5.2
public access.
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5.1
Confidence
High
EPSS
0.001
Percentile
30.9%
In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.
CNA Affected
[
{
"product": "glpi",
"vendor": "glpi-project",
"versions": [
{
"status": "affected",
"version": ">= 9.5.0, < 9.5.2"
}
]
}
]Related
nessus
nessus
prion
prion
Design/Logic Flaw
2020-10-07 19:15:00
ubuntucve
ubuntucve
CVE-2020-15217
2020-10-07 00:00:00
freebsd
freebsd
glpi -- leakage issue with knowledge base
2020-06-25 00:00:00
nvd
nvd
CVE-2020-15217
2020-10-07 19:15:12
cve
cve
CVE-2020-15217
2020-10-07 19:15:12
osv
osv
CVE-2020-15217
2020-10-07 19:15:12
altlinux
altlinux
Security fix for the ALT Linux 10 package glpi version 9.5.2-alt1
2020-10-26 00:00:00
Security fix for the ALT Linux 9 package glpi version 9.5.2-alt1
2020-10-26 00:00:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5.1
Confidence
High
EPSS
0.001
Percentile
30.9%
Related for CVELIST:CVE-2020-15217