CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
AI Score
Confidence: High
EPSS
Percentile: 26.4%
GLPI team reports:
GLPI 10.0.13 Changelog
[SECURITY - high] SQL Injection through the search engine (CVE-2024-27096)
[SECURITY - moderate] Blind SSRF using Arbitrary Object Instantiation (CVE-2024-27098)
[SECURITY - moderate] Stored XSS in dashboards (CVE-2024-27104)
[SECURITY - moderate] Reflected XSS in debug mode (CVE-2024-27914)
[SECURITY - moderate] Sensitive fields access through dropdowns (CVE-2024-27930)
[SECURITY - moderate] Users emails enumeration (CVE-2024-27937)