Lucene search

FreeBSD1FE40200-6823-11EE-B06F-0050569CEB3A

HistoryJul 05, 2023 - 12:00 a.m.

GLPI vulnerable to unauthorized access to KnowbaseItem data

2023-07-0500:00:00

vuxml.freebsd.org

glpi

unauthorized access

vulnerability

knowbaseitem

security advisory

patch

it management

software package

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

35.3%

JSON

[email protected] reports:

GLPI is a free asset and IT management software package. Versions
of the software starting with 9.2.0 and prior to 10.0.8 have an
incorrect rights check on a on a file accessible by an authenticated
user, allows access to the view all KnowbaseItems. Version 10.0.8
has a patch for this issue.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchglpi= 9.2.0,1UNKNOWN
FreeBSDanynoarchglpi< 10.0.8,1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	glpi	= 9.2.0,1	UNKNOWN
FreeBSD	any	noarch	glpi	< 10.0.8,1	UNKNOWN

References

nvd.nist.gov/vuln/detail/CVE-2023-34107

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

35.3%

JSON

Related for 1FE40200-6823-11EE-B06F-0050569CEB3A