Lucene search

GoogleOSV:CVE-2022-31068

HistoryJun 28, 2022 - 6:15 p.m.

CVE-2022-31068

2022-06-2818:15:08

Google

osv.dev

glpi

asset management

itil service desk

data center management

sensitive information leakage

authentication issue

version 10.0.2

upgrade

software auditing

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

61.1%

JSON

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade.

References

github.com/glpi-project/glpi/commit/9953a644777e4167b06db9e14fc93b945a557be5

github.com/glpi-project/glpi/security/advisories/GHSA-g4hm-6vfr-q3wg

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

61.1%

JSON

Related for OSV:CVE-2022-31068