Lucene search

[email protected]NVD:CVE-2023-34106

HistoryJul 05, 2023 - 6:15 p.m.

CVE-2023-34106

2023-07-0518:15:10

CWE-863

CWE-284

[email protected]

web.nvd.nist.gov

glpi

software

vulnerability

unauthorized access

user information

upgrade

patch

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

35.3%

JSON

GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch.

Affected configurations

Nvd

Node

glpi-projectglpiRange0.68–10.0.8

VendorProductVersionCPE
glpi-projectglpi*cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
glpi-project	glpi	*	cpe:2.3:a:glpi-project:glpi::::::::

References

github.com/glpi-project/glpi/releases/tag/10.0.8

github.com/glpi-project/glpi/security/advisories/GHSA-923r-hqh4-wj7c

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

35.3%

JSON

Related for NVD:CVE-2023-34106

prion1 cve1 osv1 freebsd1 cvelist1 redos1