Lucene search

FreeBSD40173815-6827-11EE-B06F-0050569CEB3A

HistoryJul 05, 2023 - 12:00 a.m.

GLPI vulnerable to unauthorized access to User data

2023-07-0500:00:00

vuxml.freebsd.org

glpi

unauthorized access

user data

security advisories

upgrade

software vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

35.3%

JSON

[email protected] reports:

GLPI is a free asset and IT management software package. Versions
of the software starting with 0.68 and prior to 10.0.8 have an
incorrect rights check on a on a file accessible by an authenticated
user. This allows access to the list of all users and their personal
information. Users should upgrade to version 10.0.8 to receive a
patch.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchglpi< 10.0.8,1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	glpi	< 10.0.8,1	UNKNOWN

References

nvd.nist.gov/vuln/detail/CVE-2023-34106

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

35.3%

JSON

Related for 40173815-6827-11EE-B06F-0050569CEB3A