Lucene search
GoogleOSV:CVE-2020-11035HistoryMay 05, 2020 - 10:15 p.m.
CVE-2020-11035
2020-05-0522:15:12
Google
osv.dev
5
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6.
References
github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/
Related
ubuntucve
ubuntucve
CVE-2020-11035
2020-05-05 00:00:00
nvd
nvd
CVE-2020-11035
2020-05-05 22:15:12
cvelist
cvelist
CVE-2020-11035 weak CSRF tokens in GLPI
2020-05-05 21:30:12
nessus
nessus
FreeBSD : glpi -- weak csrf tokens (b64edef7-3b10-11eb-af2a-080027dbe4b7)
2020-12-14 00:00:00
Fedora 31 : glpi (2020-885e2343ed)
2020-05-14 00:00:00
cve
cve
CVE-2020-11035
2020-05-05 22:15:12
freebsd
freebsd
glpi -- weak csrf tokens
2020-03-30 00:00:00
prion
prion
Cross site request forgery (csrf)
2020-05-05 22:15:00
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0220)
2022-01-28 00:00:00
Fedora: Security Advisory for glpi (FEDORA-2020-ee30e1109f)
2020-05-15 00:00:00
Fedora: Security Advisory for glpi (FEDORA-2020-885e2343ed)
2020-05-15 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: glpi-9.4.6-1.fc32
2020-05-14 02:37:02
[SECURITY] Fedora 31 Update: glpi-9.4.6-1.fc31
2020-05-14 02:29:57
mageia
mageia
Updated glpi packages fix security vulnerabilities
2020-05-24 21:04:47