Lucene search

GoogleOSV:CVE-2022-39371

HistoryNov 03, 2022 - 4:15 p.m.

CVE-2022-39371

2022-11-0316:15:10

Google

osv.dev

glpi

it management

itil

service desk

licenses tracking

software auditing

html tags

vulnerability

upgrade

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly neutralized. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.

CPENameOperatorVersion
glpieq10.0.3
glpieq10.0.0
glpieq10.0.1
glpieq10.0.2

Name	Operator	Version
glpi	eq	10.0.3
glpi	eq	10.0.0
glpi	eq	10.0.1
glpi	eq	10.0.2

References

github.com/glpi-project/glpi/security/advisories/GHSA-w7wc-728f-6mm8

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

Related for OSV:CVE-2022-39371